openapi: 3.0.1 info: title: Identity Security Cloud V2024 API description: Use these APIs to interact with the Identity Security Cloud platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs. termsOfService: https://developer.sailpoint.com/discuss/tos contact: name: Developer Relations url: https://developer.sailpoint.com/discuss/api-help license: name: MIT url: https://opensource.org/licenses/MIT version: v2024 servers: - url: https://{tenant}.api.identitynow.com/v2024 description: This is the production API server. variables: tenant: default: sailpoint description: This is the name of your tenant, typically your company's name. - url: https://{apiUrl}/v2024 description: This is the V2024 API server. variables: apiUrl: default: sailpoint.api.identitynow.com description: This is the api url of your tenant security: - userAuth: - sp:scopes:all tags: - name: Access Model Metadata description: | Use this API to create and manage metadata attributes for your Access Model. Access Model Metadata allows you to add contextual information to your ISC Access Model items using pre-defined metadata for risk, regulations, privacy levels, etc., or by creating your own metadata attributes to reflect the unique needs of your organization. This release of the API includes support for entitlement metadata. Support for role and access profile metadata will be introduced in a subsequent release. Common usages for Access Model metadata include: - Organizing and categorizing access items to make it easier for your users to search for and find the access rights they want to request, certify, or manage. - Providing richer information about access that is being acted on to allow stakeholders to make better decisions when approving, certifying, or managing access rights. - Identifying access that may requires additional approval requirements or be subject to more frequent review. - name: Access Profiles description: | Use this API to implement and customize access profile functionality. With this functionality in place, administrators can create access profiles and configure them for use throughout Identity Security Cloud, enabling users to get the access they need quickly and securely. Access profiles group entitlements, which represent access rights on sources. For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. Identity Security Cloud uses access profiles in many features, including the following: - Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles. - Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. - Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile. - Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. In Identity Security Cloud, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. Administrators can enable and disable an access profile, and they can also make the following configurations: - Manage Entitlements: Manage the profile's access by adding and removing entitlements. - Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile. - Multiple Account Options: Define the logic Identity Security Cloud uses to provision access to an identity with multiple accounts on the source. Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles. - name: Access Request Approvals description: | Use this API to implement and customize access request approval functionality. With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. This enables more qualified users to review access requests and the others to spend their time on other tasks. In Identity Security Cloud, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. If the administrator designates a governance group as the required approver, any governance group member can approve the requests. When a user submits an access request, Identity Security Cloud sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration. In Approvals in Identity Security Cloud, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. If the required approver approves the request and is the only reviewer required, Identity Security Cloud grants or revokes access, based on the request. If multiple reviewers are required, Identity Security Cloud sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. The required approver can then view any completed access requests under the Reviewed tab. Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals. - name: Access Request Identity Metrics description: | Use this API to implement access request identity metrics functionality. With this functionality in place, access request reviewers can see relevant details about the requested access item and associated source activity. This allows reviewers to see how many of the identities who share a manager with the access requester have this same type of access and how many of them have had activity in the related source. This additional context about whether the access has been granted before and how often it has been used can help those approving access requests make more informed decisions. - name: Access Requests description: | Use this API to implement and customize access request functionality. With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked. This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. Identity Security Cloud's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them. In the Request Center in Identity Security Cloud, users can view available applications, roles, and entitlements and request access to them. If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. Users can use My Requests to track and/or cancel the requests. In My Team on the Identity Security Cloud Home, managers can submit requests to revoke their team members' access. They can use the My Requests tab under Request Center to track and/or cancel the requests. Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/request_center.html) for more information about access requests. - name: Account Activities description: | Use this API to implement account activity tracking functionality. With this functionality in place, users can track source account activity in Identity Security Cloud, which greatly improves traceability in the system. An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life. In Identity Security Cloud's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. Account activity includes most actions Identity Security Cloud completes on source accounts. Users can search in Identity Security Cloud for the following account action types: - Access Request: These include any access requests the source account is involved in. - Account Attribute Updates: These include updates to a single attribute on an account on a source. - Account State Update: These include locking or unlocking actions on an account on a source. - Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification. - Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. Identity Security Cloud replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. - Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays. Account Activity does not include attribute updates that occur as a result of aggregation. - Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. These also include refreshes that occur whenever Identity Security Cloud assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. - Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. - Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state. - Password Change: These include password changes on sources. Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities. - name: Account Aggregations description: | Use this API to implement account aggregation progress tracking functionality. With this functionality in place, administrators can view in-progress account aggregations, their statuses, and their relevant details. An account aggregation refers to the process Identity Security Cloud uses to gather and load account data from a source into Identity Security Cloud. Whenever Identity Security Cloud is in the process of aggregating a source, it adds an entry to the Aggregation Activity Log, along with its relevant details. To view aggregation activity, administrators can select the Connections drop-down menu, select Sources, and select the relevant source, select its Import Data tab, and select Account Aggregation. In Account Aggregation, administrators can view the account aggregations' statuses and details in the Account Activity Log. Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about account aggregations. - name: Account Usages description: | Use this API to implement account usage insight functionality. With this functionality in place, administrators can gather information and insights about how their tenants' source accounts are being used. This allows organizations to get the information they need to start optimizing and securing source account usage. - name: Accounts description: | Use this API to implement and customize account functionality. With this functionality in place, administrators can manage users' access across sources in Identity Security Cloud. In Identity Security Cloud, an account refers to a user's account on a supported source. This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. Identity Security Cloud loads accounts through the creation of sources in Identity Security Cloud. Administrators can correlate users' identities with the users' accounts on the different sources they use. This allows Identity Security Cloud to govern the access of identities and all their correlated accounts securely and cohesively. To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. To view and edit source account statuses for an identity in Identity Security Cloud, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. Accounts can have the following statuses: - Enabled: The account is enabled. The user can access it. - Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in Identity Security Cloud. This can occur when an administrator disables the account or when the user's lifecycle state changes. - Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times. - Pending: The account is currently updating. This status typically lasts seconds. Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed. Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/accounts/identities.html?h=disabling+identities#managing-access) for more information about accounts. - name: Application Discovery description: | Use this API to implement application discovery functionality. With this functionality in place, you can discover applications within your Okta connector and receive connector recommendations by manually uploading application names. - name: Approvals description: | Use this API to implement approval functionality. With this functionality in place, you can get generic approvals and modify them. The main advantages this API has vs [Access Request Approvals](https://developer.sailpoint.com/docs/api/v2024/access-request-approvals) are that you can use it to get generic approvals individually or in batches and make changes to those approvals. - name: Apps description: | Use this API to implement source application functionality. With this functionality in place, you can create, customize, and manage applications within sources. - name: Auth Profile description: | Use this API to implement Auth Profile functionality. With this functionality in place, users can read authentication profiles and make changes to them. An authentication profile represents an identity profile's authentication configuration. When the identity profile is created, its authentication profile is also created. An authentication profile includes information like its authentication profile type (`BLOCK`, `MFA`, `NON_PTA`, PTA`) and settings controlling whether or not it blocks access from off network or untrusted geographies. - name: Auth Users description: | Use this API to implement user authentication system functionality. With this functionality in place, users can get a user's authentication system details, including their capabilities, and modify those capabilities. The user's capabilities refer to their access to different systems, or authorization, within the tenant, like access to certifications (CERT_ADMIN) or reports (REPORT_ADMIN). These capabilities also determine a user's access to the different APIs. This API provides users with a way to determine a user's access and make quick and easy changes to that access. - name: Branding description: | Use this API to implement and customize branding functionality. With this functionality in place, administrators can get and manage existing branding items, and they can also create new branding items and configure them for use throughout Identity Security Cloud. The Branding APIs provide administrators with a way to customize branding items. This customization includes details like their colors, logos, and other information. Refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certs/reviewing/index.html) for more information about certifications. - name: Certification Campaign Filters description: | Use this API to implement the certification campaign filter functionality. These filters can be used to create a certification campaign that includes a subset of your entitlements or users to certify. For example, if for a certification campaign an organization wants to certify only specific users or entitlements, then those can be included/excluded on the basis of campaign filters. For more information about creating a campaign filter, refer to [Creating a Campaign Filter](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#creating-a-campaign-filter) You can create campaign filters using any of the following criteria types: - Access Profile : This criteria type includes or excludes access profiles from a campaign. - Account Attribute : This criteria type includes or excludes certification items that match a specified value in an account attribute. - Entitlement : This criteria type includes or excludes entitlements from a campaign. - Identity : This criteria type includes or excludes specific identities from your campaign. - Identity Attribute : This criteria type includes or excludes identities based on whether they have an identity attribute that matches criteria you've chosen. - Role : This criteria type includes or excludes roles, as opposed to identities. - Source : This criteria type includes or excludes entitlements from a source you select. For more information about these criteria types, refer to [Types of Campaign Filters](https://documentation.sailpoint.com/saas/help/certs/campaign_filters.html#types-of-campaign-filters) Once the campaign filter is created, it can be linked while creating the campaign. The generated campaign will have the items to review as per the campaign filter. For example, An inclusion campaign filter is created with a source of Source 1, an operation of Equals, and an entitlement of Entitlement 1. When this filter is selected, only users who have Entitlement 1 are included in the campaign, and only Entitlement 1 is shown in the certification. - name: Certification Campaigns description: | Use this API to implement certification campaign functionality. With this functionality in place, administrators can create, customize, and manage certification campaigns for their organizations' use. Certification campaigns provide Identity Security Cloud users with an interactive review process they can use to identify and verify access to systems. Campaigns help organizations reduce risk of inappropriate access and satisfy audit requirements. A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. These certifications serve as a way of showing that a user's access has been reviewed and approved. Multiple certifications by different reviewers are often required to approve a user's access. A set of multiple certifications is called a certification campaign. For example, an organization may use a Manager Certification campaign as a way of showing that a user's access has been reviewed and approved by multiple managers. Once this campaign has been completed, Identity Security Cloud would provision all the access the user needs, nothing more. Identity Security Cloud provides two simple campaign types users can create without using search queries, Manager and Source Owner campaigns: You can create these types of campaigns without using any search queries in Identity Security Cloud: - ManagerCampaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access is certified by their managers. You only need to provide a name and description to create one. - Source Owner Campaign: Identity Security Cloud provides this campaign type as a way to ensure that an identity's access to a source is certified by its source owners. You only need to provide a name and description to create one. You can specify the sources whose owners you want involved or just run it across all sources. For more information about these campaign types, refer to [Starting a Manager or Source Owner Campaign](https://documentation.sailpoint.com/saas/help/certs/starting_campaign.html). One useful way to create certification campaigns in Identity Security Cloud is to use a specific search and then run a campaign on the results returned by that search. This allows you to be much more specific about whom you are certifying in your campaigns and what access you are certifying in your campaigns. For example, you can search for all identities who are managed by "Amanda.Ross" and also have the access to the "Accounting" role and then run a certification campaign based on that search to ensure that the returned identities are appropriately certified. You can use Identity Security Cloud search queries to create these types of campaigns: - Identities: Use this campaign type to review and revoke access items for specific identities. You can either build a search query and create a campaign certifying all identities returned by that query, or you can search for individual identities and add those identities to the certification campaign. - Access Items: Use this campaign type to review and revoke a set of roles, access profiles, or entitlements from the identities that have them. You can either build a search query and create a campaign certifying all access items returned by that query, or you can search for individual access items and add those items to the certification campaign. - Role Composition: Use this campaign type to review a role's composition, including its title, description, and membership criteria. You can either build a search query and create a campaign certifying all roles returned by that query, or you can search for individual roles and add those roles to the certification campaign. - Uncorrelated Accounts: Use this campaign type to certify source accounts that aren't linked to an authoritative identity in Identity Security Cloud. You can use this campaign type to view all the uncorrelated accounts for a source and certify them. For more information about search-based campaigns, refer to [Starting a Campaign from Search](https://documentation.sailpoint.com/saas/help/certs/starting_search_campaign.html). Once you have generated your campaign, it becomes available for preview. An administrator can review the campaign and make changes, or if it's ready and accurate, activate it. Once the campaign is active, organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers. Those reviewers can view any of the certifications they either need to review (active) or have already reviewed (completed). When a certification campaign is in progress, certification reviewers see the listed active certifications whose involved identities they can review. Reviewers can then make decisions to grant or revoke access, as well as reassign the certification to another reviewer. If the reviewer chooses this option, they must provide a reason for reassignment in the form of a comment. Once a reviewer has made decisions on all the certification's involved access items, he or she must "Sign Off" to complete the review process. Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation. In this situation, the certification campaign completes once all the remediation requests are completed. The end of a certification campaign is determined by its deadline, its completion status, or by an administrator's decision. For more information about certifications and certification campaigns, refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certs/reviewing/index.html). - name: Certification Summaries description: | Use this API to implement certification summary functionality. With this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness. Implementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certs/reviewing/index.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes. A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. These certifications serve as a way of showing that a user's access has been reviewed and approved. Multiple certifications by different reviewers are often required to approve a user's access. A set of multiple certifications is called a certification campaign. For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more. Certification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed. For example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected. - name: Certifications description: | Use this API to implement certification functionality. With this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer. Implementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements. A certification refers to Identity Security Cloud's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. These serve as a way of showing that a user's access has been reviewed and approved. Multiple certifications by different reviewers are often required to approve a user's access. A set of multiple certifications is called a certification campaign. For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. Once this certification has been completed, Identity Security Cloud would provision all the access the user needs, nothing more. Organization administrators or certification administrators can designate other Identity Security Cloud users as certification reviewers. Those reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively. When a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities. Under the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment. Once a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process. Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation. In this situation, the certification campaign completes once all the remediation requests are completed. - name: Configuration Hub description: | Use this API to implement and customize configuration settings management. With this functionality, you can access the Configuration Hub actions and build your own automated pipeline for Identity Security Cloud configuration change delivery and deployment. Common usages for Configuration Hub includes: - Upload configuration file - Configuration files can be managed and deployed using Configuration Hub by uploading a JSON file which contains configuration data. - Manage object mapping - Create rules to map and substitute attributes when migrating configurations. - Manage backups for configuration settings - Manage configuration drafts - Upload configurations and manage object mappings between tenants. Refer to [Using the SailPoint Configuration Hub](https://documentation.sailpoint.com/saas/help/confighub/config_hub.html) for more information about Configuration Hub. - name: Connector Customizers description: | Saas Connectivity Customizers are cloud-based connector customizers. The customizers allow you to customize the out of the box connectors in a similar way to how you can use rules to customize VA (virtual appliance) based connectors. Use these APIs to implement connector customizers functionality. - name: Connector Rule Management description: | Use this API to implement connector rule management functionality. With this functionality in place, administrators can implement connector-executed rules in a programmatic, scalable way. In Identity Security Cloud (ISC), [rules](https://developer.sailpoint.com/docs/extensibility/rules) serve as a flexible configuration framework you can leverage to perform complex or advanced configurations. [Connector-executed rules](https://developer.sailpoint.com/docs/extensibility/rules/connector-rules) are rules that are executed in the ISC virtual appliance (VA), usually extensions of the [connector](https://documentation.sailpoint.com/connectors/isc/landingpages/help/landingpages/isc_landing.html) itself, the bridge between the data source and ISC. This API allows administrators to view existing connector-executed rules, make changes to them, delete them, and create new ones from the available types. - name: Connectors description: | Use this API to implement connector functionality. With this functionality in place, administrators can view available connectors. Connectors are the bridges Identity Security Cloud uses to communicate with and aggregate data from sources. For example, if it is necessary to set up a connection between Identity Security Cloud and the Active Directory source, a connector can bridge the two and enable Identity Security Cloud to synchronize data between the systems. This ensures account entitlements and states are correct throughout the organization. In Identity Security Cloud, administrators can use the Connections drop-down menu and select Sources to view the available source connectors. Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about the connectors available in Identity Security Cloud. Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about the SaaS custom connectors that do not need VAs (virtual appliances) to communicate with their sources. Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/index.html) for more information about using connectors in Identity Security Cloud. - name: Custom Forms description: | Use this API to build and manage custom forms. With this functionality in place, administrators can create and view form definitions and form instances. Forms are composed of sections and fields. Sections split the form into logical groups of fields and fields are the data collection points within the form. Configure conditions to modify elements of the form as the responder provides input. Create form inputs to pass information from a calling feature, like a workflow, to your form. Forms can be used within workflows as an action or as a trigger. The Form Action allows you to assign a form as a step in a running workflow, suspending the workflow until the form is submitted or times out, and the workflow resumes. The Form Submitted Trigger initiates a workflow when a form is submitted. The trigger can be configured to initiate on submission of a full form, a form element with any value, or a form element with a particular value. Refer to [Forms](https://documentation.sailpoint.com/saas/help/forms/index.html) for more information about using forms in Identity Security Cloud. - name: Custom Password Instructions description: | Use this API to implement custom password instruction functionality. With this functionality in place, administrators can create custom password instructions to help users reset their passwords, change them, unlock their accounts, or recover their usernames. This allows administrators to emphasize password policies or provide organization-specific instructions. Administrators must first use [Update Password Org Config](https://developer.sailpoint.com/docs/api/v2024/put-password-org-config/) to set `customInstructionsEnabled` to `true`. Once they have enabled custom instructions, they can use [Create Custom Password Instructions](https://developer.sailpoint.com/docs/api/v2024/create-custom-password-instructions/) to create custom page content for the specific pageId they select. For example, an administrator can use the pageId forget-username:user-email to set the custom text for the case when users forget their usernames and must enter their emails. Refer to [Creating Custom Instruction Text](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html#creating-custom-instruction-text) for more information about creating custom password instructions. - name: Data Segmentation description: | This service is responsible for creating segments that will determine how access is delegated to identities withing the organization. - name: Dimensions description: |- Use this API to implement and customize dynamic role functionality. With this functionality in place, administrators can create dimensions and configure them for use throughout Identity Security Cloud. Identity Security Cloud can use established criteria to automatically assign the dimensions to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks. Entitlements represent the most granular level of access in Identity Security Cloud. Access profiles represent the next level and often group entitlements. Dimension represent access selectively based on the evaluation of contextual information that is available or provided. Each Dimension include context attributes and access selection expressions which map criteria to access right assignments. Each dimension can contain up to 5 context attributes. Dynamic Access Roles represent the broadest level of access and often group access profiles ,entitlements and dimensions.Each Dynamic Access Role may contain one or more Dimensions. - name: Discovered Applications description: | Use this API to retrieve all the available discovered apps for a given tenant id. - name: Entitlements description: | Use this API to implement and customize entitlement functionality. With this functionality in place, administrators can view entitlements and configure them for use throughout Identity Security Cloud in certifications, access profiles, and roles. Administrators in Identity Security Cloud can then grant users access to the entitlements or configure them so users themselves can request access to the entitlements whenever they need them. With a good approval process, this entitlement functionality allows users to gain the specific access they need on sources quickly and securely. Entitlements represent access rights on sources. Entitlements are the most granular form of access in Identity Security Cloud. Entitlements are often grouped into access profiles, and access profiles themselves are often grouped into roles, the broadest form of access in Identity Security Cloud. For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source. When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. Administrators often use roles and access profiles within those roles to manage access so that users can gain access more quickly, but the hierarchy of access all starts with entitlements. Anywhere entitlements appear, you can select them to find more information about the following: - Cloud Access Details: These provide details about the cloud access entitlements on cloud-enabled sources. - Permissions: Permissions represent individual units of read/write/admin access to a system. - Relationships: These list each entitlement's parent and child relationships. - Type: This is the entitlement's type. Some sources support multiple types, each with a different attribute schema. Identity Security Cloud uses entitlements in many features, including the following: - Certifications: Entitlements can be revoked from an identity that no longer needs them. - Roles: Roles can group access profiles which themselves group entitlements. You can grant and revoke access on a broad level with roles. Role membership criteria can grant roles to identities based on whether they have certain entitlements or attributes. - Access Profiles: Access profiles group entitlements. They are the most important units of access in Identity Security Cloud. Identity Security Cloud uses them in provisioning, certifications, and access requests, and administrators can configure them to grant very broad or very granular access. You cannot delete entitlements directly from Identity Security Cloud. Entitlements are deleted based on their inclusion in aggregations. Refer to [Deleting Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html#deleting-entitlements) more information about deleting entitlements. Refer to [Entitlements](https://documentation.sailpoint.com/saas/help/access/entitlements.html) for more information about entitlements. - name: Global Tenant Security Settings description: | Use this API to implement and customize global tenant security settings. With this functionality in place, administrators can manage the global security settings that a tenant/org has. This API can be used to configure the networks and Geographies allowed to access Identity Security Cloud URLs. - name: Governance Groups description: | Use this API to implement and customize Governance Group functionality. With this functionality in place, administrators can create Governance Groups and configure them for use throughout Identity Security Cloud. A governance group is a group of users that can make governance decisions about access. If your organization has the Access Request or Certifications service, you can configure governance groups to review access requests or certifications. A governance group can determine whether specific access is appropriate for a user. Refer to [Creating and Managing Governance Groups](https://documentation.sailpoint.com/saas/help/common/users/governance_groups.html) for more information about how to build Governance Groups in the visual builder in the Identity Security Cloud UI. - name: IAI Access Request Recommendations - name: IAI Common Access - name: IAI Message Catalogs - name: IAI Outliers - name: IAI Peer Group Strategies - name: IAI Recommendations - name: IAI Role Mining - name: Icons description: | Use this API to implement functionality related to object icons (application icons for example). With this functionality in place, administrators can set or remove an icon for specific object type for use throughout Identity Security Cloud. - name: Identities description: | Use this API to implement identity functionality. With this functionality in place, administrators can synchronize an identity's attributes with its various source attributes. Identity Security Cloud uses identities as users' authoritative accounts. Identities can own other accounts, entitlements, and attributes. An identity has a variety of attributes, such as an account name, an email address, a job title, and more. These identity attributes can be correlated with different attributes on different sources. For example, the identity John.Smith can own an account in the GitHub source with the account name John-Smith-Org, and Identity Security Cloud knows they are the same person with the same access and attributes. In Identity Security Cloud, administrators often set up these synchronizations to get triggered automatically with a change or to run on a schedule. To manually synchronize attributes for an identity, administrators can use the Identities drop-down menu and select Identity List to view the list of identities. They can then select the identity they want to manually synchronize and use the hamburger menu to select 'Synchronize Attributes.' Doing so immediately begins the attribute synchronization and analyzes all accounts for the selected identity. Refer to [Synchronizing Attributes](https://documentation.sailpoint.com/saas/help/provisioning/attr_sync.html) for more information about synchronizing attributes. - name: Identity Attributes - name: Identity History - name: Identity Profiles description: | Use this API to implement identity profile functionality. With this functionality in place, administrators can view identity profiles and their configurations. Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. In Identity Security Cloud, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. This list shows some details about each identity profile, along with its status. They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles. - name: Lifecycle States description: | Use this API to implement and customize lifecycle state functionality. With this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have. A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with Identity Security Cloud: 'Active' and 'Inactive.' When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. Administrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas. Administrators must define the criteria for being in each lifecycle state, and they must define how Identity Security Cloud manages users' access to apps and sources for each lifecycle state. In Identity Security Cloud, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state. In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: - Enable/disable the lifecycle state for the identity profile. - Enable/disable source accounts for the identity profile's lifecycle state. - Add existing access profiles to grant to the identity profiles in that lifecycle state. - Create a new access profile to grant to the identity profile in that lifecycle state. Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states. During scheduled refreshes, Identity Security Cloud evaluates lifecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. If the identities are missing access, Identity Security Cloud provisions that access. Administrators can also use the 'Provisioning' tab to configure email notifications for Identity Security Cloud to send whenever an identity with that identity profile has a lifecycle state change. Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so. An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states. - name: Machine Account Classify - name: Machine Account Mappings - name: Machine Accounts - name: Machine Classification Config - name: Machine Identities - name: Machine Mapping Metadata - name: Managed Clients description: | Use this API to implement managed client functionality. With this functionality in place, administrators can modify and delete existing managed clients, create new ones, and view and make changes to their log configurations. - name: Managed Cluster Types description: | Use this API to implement managed cluster types functionality. With this functionality in place, administrators can modify and delete existing managed cluster types and create new ones. - name: Managed Clusters description: | Use this API to implement managed cluster functionality. With this functionality in place, administrators can modify and delete existing managed clients, get their statuses, and create new ones. - name: Manual Discover Applications description: | Use this API to manually upload application names to be correlated to an ISC connector. - name: Manual Discover Applications Template description: | Use this API to download the CSV template to send to the application discovery service. - name: MFA Configuration description: Configure and test multifactor authentication (MFA) methods - name: MFA Controller description: This API used for multifactor authentication functionality belong to gov-multi-auth service. This controller allow you to verify authentication by specified method - name: Multi-Host Integration description: | Use this API to build a Multi-Host Integration. Multi-Host Integration will help customers to configure and manage similar type of target system in Identity Security Cloud. In Identity Security Cloud, administrators can create a Multi-Host Integration by going to Admin > Connections > Multi-Host Sources and selecting 'Create.' - name: Non-Employee Lifecycle Management description: | Use this API to implement non-employee lifecycle management functionality. With this functionality in place, administrators can create non-employee records and configure them for use in their organizations. This allows organizations to provide secure access to non-employees and control that access. The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. Organizations can track non-employees' access and activity in Identity Security Cloud by creating and maintaining non-employee sources. Organizations can have a maximum of 50 non-employee sources. By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following: - SailPoint is not responsible for storing sensitive data. You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in Identity Security Cloud. - You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts. To manage non-employees in Identity Security Cloud, administrators must create a non-employee source and add accounts to the source. To create a non-employee source in Identity Security Cloud, administrators must use the Admin panel to go to Connections > Sources. They must then specify 'Non-Employee' in the 'Source Type' field. Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources. To add accounts to a non-employee source in Identity Security Cloud, administrators can select the non-employee source and add the accounts. They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources. Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management. - name: Notifications - name: OAuth Clients description: | Use this API to implement OAuth client functionality. With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the Identity Security Cloud REST API. Refer to [Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information about OAuth and how it works with the Identity Security Cloud REST API. - name: Org Config description: | Use this API to implement organization configuration functionality. Administrators can use this functionality to manage organization settings, such as time zones. - name: Password Configuration description: | Use this API to implement organization password configuration functionality. With this functionality in place, organization administrators can create organization-specific password configurations. These configurations include details like custom password instructions, as well as digit token length and duration. Refer to [Configuring User Authentication for Password Resets](https://documentation.sailpoint.com/saas/help/pwd/pwd_reset.html) for more information about organization password configuration functionality. - name: Password Dictionary description: | Use this API to implement password dictionary functionality. With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. A password dictionary is a list of words or characters that users are prevented from including in their passwords. This can help protect users from themselves and force them to create passwords that are not easy to break. A password dictionary must meet the following requirements to for the API to handle them correctly: - It must be in .txt format. - All characters must be UTF-8 characters. - Each line must contain a single word or character with no spaces or whitespace characters. - It must contain at least one line other than the locale string. - Each line must not exceed 128 characters. - The file must not exceed 2500 lines. Administrators should also consider the following when they create their dictionaries: - Lines starting with a # represent comments. - All words in the password dictionary are case-insensitive. For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord. - The dictionary uses substring matching. For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring. Users can then select 'Change Password' to update their passwords. Administrators must do the following to create a password dictionary: - Create the text file that will contain the prohibited password values. - If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode` The languageCode value refers to the language's 2-letter ISO 639-1 code. The countryCode value refers to the country's 2-letter ISO 3166-1 code. Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes. - Upload the .txt file to Identity Security Cloud with [Update Password Dictionary](https://developer.sailpoint.com/docs/api/v2024/put-password-dictionary). Uploading a new file always overwrites the previous dictionary file. Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it. Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries. - name: Password Management description: | Use this API to implement password management functionality. With this functionality in place, users can manage their identity passwords for all their applications. In Identity Security Cloud, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. Password Manager lists the user's identity's applications, possibly grouped to share passwords. Users can then select 'Change Password' to update their passwords. Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. Password Manager may list the applications and sources in the following groups: - Password Group: This refers to a group of applications that share a password. For example, a user can use the same password for Google Drive, Google Mail, and YouTube. Updating the password for the password group updates the password for all its included applications. - Multi-Application Source: This refers to a source with multiple applications that share a password. For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. Updating the password for the multi-application source updates the password for all its included applications. - Applications: These are applications that do not share passwords with other applications. An organization may require some authentication for users to update their passwords. Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates. Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management. - name: Password Policies description: | Use these APIs to implement password policies functionality. These APIs allow you to define the policy parameters for choosing passwords. IdentityNow comes with a default policy that you can modify to define the password requirements your users must meet to log in to IdentityNow, such as requiring a minimum password length, including special characters, and disallowing certain patterns. If you have licensed Password Management, you can create additional password policies beyond the default one to manage passwords for supported sources in your org. In the Identity Security Cloud Admin panel, administrators can use the Password Mgmt dropdown menu to select Sync Groups. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/pwd_policies/pwd_policies.html) for more information about password policies. - name: Password Sync Groups description: | Use this API to implement password sync group functionality. With this functionality in place, administrators can group sources into password sync groups so that all their applications share the same password. This allows users to update the password for all the applications in a sync group if they want, rather than updating each password individually. A password sync group is a group of applications that shares a password. Administrators create these groups by grouping the applications' sources. For example, an administrator can group the ActiveDirectory, GitHub, and G Suite sources together so that all those sources' applications can also be grouped to share a password. A user can then update his or her password for ActiveDirectory, GitHub, Gmail, Google Drive, and Google Calendar all at once, rather then updating each one individually. The following are required for administrators to create a password sync group in Identity Security Cloud: - At least two direct connect sources connected to Identity Security Cloud and configured for Password Management. - Each authentication source in a sync group must have at least one application. Refer to [Adding and Resetting Application Passwords](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html#adding-and-resetting-application-passwords) for more information about adding applications to sources. - At least one password policy. Refer to [Managing Password Policies](https://documentation.sailpoint.com/saas/help/pwd/pwd_policies/index.html) for more information about password policies. In the Admin panel in Identity Security Cloud, administrators can use the Password Mgmt dropdown menu to select Sync Groups. To create a sync group, administrators must provide a name, choose a password policy to be enforced across the sources in the sync group, and select the sources to include in the sync group. Administrators can also delete sync groups in Identity Security Cloud, but they should know the following before they do: - Passwords related to the associated sources will become independent, so changing one will not change the others anymore. - Passwords for the sources' connected applications will also become independent. - Password policies assigned to the sync group are then assigned directly to the associated sources. To change the password policy for a source, administrators must edit it directly. Once the password sync group has been created, users can update the password for the group in Password Manager. Refer to [Managing Password Sync Groups](https://documentation.sailpoint.com/saas/help/pwd/sync_grps.html) for more information about password sync groups. - name: Personal Access Tokens description: | Use this API to implement personal access token (PAT) functionality. With this functionality in place, users can use PATs as an alternative to passwords for authentication in Identity Security Cloud. PATs embed user information into the client ID and secret. This replaces the API clients' need to store and provide a username and password to establish a connection, improving Identity Security Cloud organizations' integration security. In Identity Security Cloud, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. They must then provide a description about the token's purpose. They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/api_keys.html?h=token#generating-a-personal-access-token) for more information about PATs. - name: Public Identities description: | Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/docs/api/v2024/public-identities-config/) to enable non-administrators to view identities' publicly visible attributes. With this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public. This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. - name: Public Identities Config description: | Use this API to implement public identity configuration functionality. With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. This can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc. Administrators can use this API to make those necessary identity attributes public to non-administrators. For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/docs/api/v2024/update-public-identity-config/) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information. - name: Reports Data Extraction description: | Use this API to implement reports lifecycle managing and monitoring. With this functionality in place, users can run reports, view their results, and cancel reports in progress. This can be potentially helpful for auditing purposes. - name: Requestable Objects description: | Use this API to implement requestable object functionality. With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/docs/api/v2024/access-requests/), along with their statuses. This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available. - name: Role Insights - name: Roles description: | Use this API to implement and customize role functionality. With this functionality in place, administrators can create roles and configure them for use throughout Identity Security Cloud. Identity Security Cloud can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks. Entitlements represent the most granular level of access in Identity Security Cloud. Access profiles represent the next level and often group entitlements. Roles represent the broadest level of access and often group access profiles. For example, an Active Directory source in Identity Security Cloud can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source. When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. Roles often represent positions within organizations. For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need. In Identity Security Cloud, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. Administrators can enable and disable the role, and they can also make the following configurations: - Manage Access: Manage the role's access by adding or removing access profiles. - Define Assignment: Define the criteria Identity Security Cloud uses to assign the role to identities. Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. Use the second, 'Identity List,' to specify the identities for assignment. - Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. Do not configure a role to be requestable without establishing a secure access request approval process for that role first. Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/access/roles.html) for more information about roles. - name: Saved Search description: | Use this API to implement saved search functionality. With saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them. Search queries in Identity Security Cloud can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries. It also opens the possibility to configure Identity Security Cloud to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources. Refer to [Scheduled Search](https://developer.sailpoint.com/docs/api/v2024/scheduled-search/) for more information about running saved searches on a schedule. In Identity Security Cloud, users can save searches under a name, and then they can access that saved search and run it again when they want. Refer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them. - name: Scheduled Search description: | Use this API to implement scheduled search functionality. With scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and Identity Security Cloud emails them the search results. Users can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves. One of the greatest benefits of saving searches is the ability to run those searches on a schedule. This is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources. For example, the manager Amanda Ross can schedule a saved search "manager.name:amanda.ross AND attributes.location:austin" on a schedule to regularly stay aware of changes with the Austin employees reporting to her. Identity Security Cloud emails her the search results when the search runs, so she can work on other tasks instead of actively running this search. In Identity Security Cloud, scheduling a search involves a subscription. Users can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time). The user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails. By default, subscriptions exclude detailed results from the emails, for security purposes. Including detailed results about user access in an email may expose sensitive information. However, the subscription creator can choose to include the information in the emails. By default, Identity Security Cloud sends emails to the subscribers even when the searches do not return new results. However, the subscription creator can choose to suppress these empty emails. Users can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run. A saved search can have up to 10 subscriptions configured at a time. The subscription creator can enable, disable, or delete the subscription. Refer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them. - name: Search description: | Use this API to implement search functionality. With search functionality in place, users can search their tenants for nearly any information from throughout their organizations. Identity Security Cloud enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. Its search goes through all those sources and finds the results quickly and specifically. The search query is flexible - it can be very broad or very narrow. The search only returns results for searchable objects it is filtering for. The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator." Users can further narrow their results by using Identity Security Cloud's specific syntax and punctuation to structure their queries. For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross. Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. Refer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about Identity Security Cloud's search and its different possibilities. The search feature uses Elasticsearch as a datastore and query engine. The power of Elasticsearch makes this feature suitable for ad-hoc reporting. However, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch. This ingestion process introduces a latency from when the operational data is created to when it is available in search. Depending on the system load, this can take a few seconds to a few minutes. Please keep this latency in mind when you use search. - name: Search Attribute Configuration description: | Use this API to implement search attribute configuration functionality, along with [Search](https://developer.sailpoint.com/docs/api/v2024/search). With this functionality in place, administrators can create custom search attributes that and run extended searches based on those attributes to further narrow down their searches and get the information and insights they want. Identity Security Cloud (ISC) enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. Its search goes through all those sources and finds the results quickly and specifically. The search query is flexible - it can be very broad or very narrow. The search only returns results for searchable objects it is filtering for. The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator." Users can further narrow their results by using ISC's specific syntax and punctuation to structure their queries. For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross. Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. Refer to [Search Attribute Configuration](https://developer.sailpoint.com/docs/extensibility/rules/rule-utility/#configuration-of-search-attributes-within-identity-security-cloud) for more information about ISC's search and its different possibilities. With Search Attribute Configuration, administrators can create, manage, and run searches based on the attributes they want to search. - name: Segments description: | Use this API to implement and customize access request segment functionality. With this functionality in place, administrators can create and manage access request segments. Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access. Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments. For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location. The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items. In Identity Security Cloud, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page. This page lists all the existing access request segments, along with their statuses, enabled or disabled. Administrators can use this page to create, edit, enable, disable, and delete segments. To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access. These items can be access profiles, roles, or entitlements. When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items. Refer to [Managing Access Request Segments](https://documentation.sailpoint.com/saas/help/requests/segments.html) for more information about segments in Identity Security Cloud. - name: Service Desk Integration description: | Use this API to build an integration between Identity Security Cloud and a service desk ITSM (IT service management) solution. Once an administrator builds this integration between Identity Security Cloud and a service desk, users can use Identity Security Cloud to raise and track tickets that are synchronized between Identity Security Cloud and the service desk. In Identity Security Cloud, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.' To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in Identity Security Cloud. Administrators can create various service desk integrations, all with their own nuances. The following service desk integrations are available: - [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html) - [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html) - [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html) - [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html) - [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) - [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html) - [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html) - name: SIM Integrations description: | Use this API to administer IdentityNow's Service Integration Module, or SIM integration with ServiceNow, so that it converts IdentityNow provisioning actions into tickets in ServiceNow. ServiceNow is a software platform that supports IT service management and automates common business processes for requesting and fulfilling service requests across a business enterprise. You must have an IdentityNow ServiceNow ServiceDesk license to use this integration. Contact your Customer Success Manager for more information. Service Desk integration for IdentityNow and in deprecation - not available for new implementation, as of July 21st, 2021. As per SailPoint’s [support policy](https://community.sailpoint.com/t5/Connector-Directory/SailPoint-Support-Policy-for-Connectivity/ta-p/79422), all existing SailPoint IdentityNow customers using this legacy integration will be supported until July 2022. - name: SOD Policies description: | Use this API to implement and manage "separation of duties" (SOD) policies. With SOD policy functionality in place, administrators can organize the access in their tenants to prevent individuals from gaining conflicting or excessive access. "Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data. For example, people who record monetary transactions shouldn't be able to issue payment for those transactions. Any changes to major system configurations should be approved by someone other than the person requesting the change. Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants. These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access. To create SOD policies in Identity Security Cloud, administrators use 'Search' and then access 'Policies'. To create a policy, they must configure two lists of access items. Each access item can only be added to one of the two lists. They can search for the entitlements they want to add to these access lists. >Note: You can have a maximum of 500 policies of any type (including general policies) in your organization. In each access-based SOD policy, you can have a maximum of 50 entitlements in each access list. Once a SOD policy is in place, if an identity has access items on both lists, a SOD violation will trigger. These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy. The other users can then better help to enforce these SOD policies. To create a subscription to a SOD policy in Identity Security Cloud, administrators use 'Search' and then access 'Layers'. They can create a subscription to the policy and schedule it to run at a regular interval. Refer to [Managing Policies](https://documentation.sailpoint.com/saas/help/sod/manage-policies.html) for more information about SOD policies. Refer to [Subscribe to a SOD Policy](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html#subscribe-to-an-sod-policy) for more information about SOD policy subscriptions. - name: SOD Violations description: | Use this API to check for current "separation of duties" (SOD) policy violations as well as potential future SOD policy violations. With SOD violation functionality in place, administrators can get information about current SOD policy violations and predict whether an access change will trigger new violations, which helps to prevent them from occurring at all. "Separation of duties" refers to the concept that people shouldn't have conflicting sets of access - all their access should be configured in a way that protects your organization's assets and data. For example, people who record monetary transactions shouldn't be able to issue payment for those transactions. Any changes to major system configurations should be approved by someone other than the person requesting the change. Organizations can use "separation of duties" (SOD) policies to enforce and track their internal security rules throughout their tenants. These SOD policies limit each user's involvement in important processes and protects the organization from individuals gaining excessive access. Once a SOD policy is in place, if an identity has conflicting access items, a SOD violation will trigger. These violations are included in SOD violation reports that other users will see in emails at regular intervals if they're subscribed to the SOD policy. The other users can then better help to enforce these SOD policies. Administrators can use the SOD violations APIs to check a set of identities for any current SOD violations, and they can use them to check whether adding an access item would potentially trigger a SOD violation. This second option is a good way to prevent SOD violations from triggering at all. Refer to [Handling Policy Violations](https://documentation.sailpoint.com/saas/help/sod/policy-violations.html) for more information about SOD policy violations. - name: Source Usages description: | Use this API to implement source usage insight functionality. With this functionality in place, administrators can gather information and insights about how their tenants' sources are being used. This allows organizations to get the information they need to start optimizing and securing source usage. - name: Sources description: | Use this API to implement and customize source functionality. With source functionality in place, organizations can use Identity Security Cloud to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. [Sources](https://documentation.sailpoint.com/saas/help/sources/index.html) refer to the Identity Security Cloud representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example. Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. Connecting these sources to Identity Security Cloud makes it possible to manage user access across them all. Then, if a new hire starts at an organization, Identity Security Cloud can grant the new hire access to all the sources they need. If an employee moves to a new department and needs access to new sources but no longer needs access to others, Identity Security Cloud can grant the necessary access and revoke the unnecessary access for all the employee's various sources. If an employee leaves the company, Identity Security Cloud can revoke access to all the employee's various source accounts immediately. These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. In Identity Security Cloud, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so. They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups. Admins go to Connections > Sources to see a list of the existing source representations in their organizations. They can create new sources or select existing ones. To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type. Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. Identity Security Cloud connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in. Different sources use different connectors to share data with Identity Security Cloud, and each connector's setup process is specific to that connector. SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors. Refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. Refer to the following links for more information about two useful connectors: - [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity). - [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. Refer to [SaaS Connectivity](https://developer.sailpoint.com/docs/connectivity/saas-connectivity/) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. When admins select existing sources, they can view the following information about the source: - Associated connections (any associated identity profiles, apps, or references to the source in a transform). - Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources. - Associated entitlements (sets of access rights on sources). - Associated access profiles (groupings of entitlements). The user account data and the entitlements update with each data aggregation from the source. Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their Identity Security Cloud tenants so an access change on a source is detected quickly in Identity Security Cloud. Admins can view a history of these aggregations, and they can also run manual imports. Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. Admins can also make changes to determine which user account data Identity Security Cloud collects from the source and how it correlates that account data with identity data. To define which account attributes the source shares with Identity Security Cloud, admins can edit the account schema on the source. Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities. Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform. Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/index.html#deleting-sources) for more information about deleting sources. Well organized, mapped out connections between sources and Identity Security Cloud are essential to achieving comprehensive identity access governance across all the source systems organizations need. Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/index.html) for more information about all the different things admins can do with sources once they are connected. - name: SP-Config description: Import and export configuration for some objects between tenants. - name: Suggested Entitlement Description description: | Use this API to implement Suggested Entitlement Description (SED) functionality. SED functionality leverages the power of LLM to generate suggested entitlement descriptions. Refer to [GenAI Entitlement Descriptions](https://documentation.sailpoint.com/saas/help/access/entitlements.html#genai-entitlement-descriptions) to learn more about SED in Identity Security Cloud (ISC). - name: Tagged Objects description: | Use this API to implement object tagging functionality. With object tagging functionality in place, any user in an organization can use tags as a way to group objects together and find them more quickly when the user searches Identity Security Cloud. In Identity Security Cloud, users can search their tenants for information and add tags objects they find. Tagging an object provides users with a way of grouping objects together and makes it easier to find these objects in the future. For example, if a user is searching for an entitlement that grants a risky level of access to Active Directory, it's possible that the user may have to search through hundreds of entitlements to find the correct one. Once the user finds that entitlement, the user can add a tag to the entitlement, "AD_RISKY" to make it easier to find the entitlement again. The user can add the same tag to multiple objects the user wants to group together for an easy future search, and the user can also do so in bulk. When the user wants to find that tagged entitlement again, the user can search for "tags:AD_RISKY" to find all objects with that tag. With the API, you can tag even more different object types than you can in Identity Security Cloud (access profiles, entitlements, identities, and roles). You can use the API to tag all these objects: - Access profiles - Applications - Certification campaigns - Entitlements - Identities - Roles - SOD (separation of duties) policies - Sources You can also use the API to directly find, create, and manage tagged objects without using search queries. There are limits to tags: - You can have up to 500 different tags in your tenant. - You can apply up to 30 tags to one object. - You can have up to 10,000 tag associations, pairings of 1 tag to 1 object, in your tenant. Because of these limits, it is recommended that you work with your governance experts and security teams to establish a list of tags that are most expressive of governance objects and access managed by Identity Security Cloud. These are the types of information often expressed in tags: - Affected departments - Compliance and regulatory categories - Remediation urgency levels - Risk levels Refer to [Tagging Items in Search](https://documentation.sailpoint.com/saas/help/search/index.html?h=tags#tagging-items-in-search) for more information about tagging objects in Identity Security Cloud. - name: Task Management - name: Tenant description: API for reading tenant details. - name: Tenant Context description: | The purpose of this API is to manage key-value pairs specific to a tenant's context, enabling dynamic configuration and personalized settings per tenant. Context key-value pairs will consist of common terms and acronyms used within your organization. - name: Transforms description: | The purpose of this API is to expose functionality for the manipulation of Transform objects. Transforms are a form of configurable objects which define an easy way to manipulate attribute data without having to write code. Refer to [Transforms](https://developer.sailpoint.com/docs/extensibility/transforms/) for more information about transforms. - name: Triggers description: | Event Triggers provide real-time updates to changes in Identity Security Cloud so you can take action as soon as an event occurs, rather than poll an API endpoint for updates. Identity Security Cloud provides a user interface within the admin console to create and manage trigger subscriptions. These endpoints allow for programatically creating and managing trigger subscriptions. There are two types of event triggers: * `FIRE_AND_FORGET`: This trigger type will send a payload to each subscriber without needing a response. Each trigger of this type has a limit of **50 subscriptions**. * `REQUEST_RESPONSE`: This trigger type will send a payload to a subscriber and expect a response back. Each trigger of this type may only have **one subscription**. ## Available Event Triggers Production ready event triggers that are available in all tenants. | Name | ID | Type | Trigger condition | |-|-|-|-| | [Access Request Dynamic Approval](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-dynamic-approval/) | idn:access-request-dynamic-approver | REQUEST_RESPONSE |After an access request is submitted. Expects the subscriber to respond with the ID of an identity or workgroup to add to the approval workflow. | | [Access Request Decision](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-decision/) | idn:access-request-post-approval | FIRE_AND_FORGET | After an access request is approved. | | [Access Request Submitted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-submitted/) | idn:access-request-pre-approval | REQUEST_RESPONSE | After an access request is submitted. Expects the subscriber to respond with an approval decision. | | [Account Aggregation Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed/) | idn:account-aggregation-completed | FIRE_AND_FORGET | After an account aggregation completed, terminated, failed. | | Account Attributes Changed | idn:account-attributes-changed | FIRE_AND_FORGET | After an account aggregation, and one or more account attributes have changed. | | Account Correlated | idn:account-correlated | FIRE_AND_FORGET | After an account is added to an identity. | | Accounts Collected for Aggregation | idn:aggregation-accounts-collected | FIRE_AND_FORGET | New, changed, and deleted accounts have been gathered during an aggregation and are being processed. | | Campaign Activated | idn:campaign-activated | FIRE_AND_FORGET | After a campaign is activated. | | Campaign Ended | idn:campaign-ended | FIRE_AND_FORGET | After a campaign ends. | | Campaign Generated | idn:campaign-generated | FIRE_AND_FORGET | After a campaign finishes generating. | | Certification Signed Off | idn:certification-signed-off | FIRE_AND_FORGET | After a certification is signed off by its reviewer. | | [Identity Attributes Changed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed/) | idn:identity-attributes-changed | FIRE_AND_FORGET | After One or more identity attributes changed. | | [Identity Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-created/) | idn:identity-created | FIRE_AND_FORGET | After an identity is created. | | [Provisioning Action Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed/) | idn:post-provisioning | FIRE_AND_FORGET | After a provisioning action completed on a source. | | [Scheduled Search](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/scheduled-search/) | idn:saved-search-complete | FIRE_AND_FORGET | After a scheduled search completed. | | [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-created/) | idn:source-created | FIRE_AND_FORGET | After a source is created. | | [Source Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-deleted/) | idn:source-deleted | FIRE_AND_FORGET | After a source is deleted. | | [Source Updated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-updated/) | idn:source-updated | FIRE_AND_FORGET | After configuration changes have been made to a source. | | [VA Cluster Status Change](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/va-cluster-status-change/) | idn:va-cluster-status-change | FIRE_AND_FORGET | After the status of a VA cluster has changed. | - name: UI Metadata description: |- API for managing UI Metadata. Use this API to manage metadata about your User Interface. For example you can set the iFrameWhitelist parameter to permit another domain to encapsulate IDN within an iframe or set the usernameEmptyText to change the placeholder text for Username on your tenant's login screen. - name: Work Items description: | Use this API to implement work item functionality. With this functionality in place, users can manage their work items (tasks). Work items refer to the tasks users see in Identity Security Cloud's Task Manager. They can see the pending work items they need to complete, as well as the work items they have already completed. Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. Once the user completes the work item, the work item will be listed with his or her other completed work items. To complete work items, users can use their dashboards and select the 'My Tasks' widget. The widget will list any work items they need to complete, and they can select the work item from the list to review its details. When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete. - name: Work Reassignment description: | Use this API to implement work reassignment functionality. Work Reassignment allows access request reviews, certifications, and manual provisioning tasks assigned to a user to be reassigned to a different user. This is primarily used for: - Temporarily redirecting work for users who are out of office, such as on vacation or sick leave - Permanently redirecting work for users who should not be assigned these tasks at all, such as senior executives or service identities Users can define reassignments for themselves, managers can add them for their team members, and administrators can configure them on any user’s behalf. Work assigned during the specified reassignment timeframes will be automatically reassigned to the designated user as it is created. Refer to [Work Reassignment](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html) for more information about this topic. - name: Workflows description: | Workflows allow administrators to create custom automation scripts directly within Identity Security Cloud. These automation scripts respond to [event triggers](https://developer.sailpoint.com/docs/extensibility/event-triggers/#how-to-get-started-with-event-triggers) and perform a series of actions to perform tasks that are either too cumbersome or not available in the Identity Security Cloud UI. Workflows can be configured via a graphical user interface within Identity Security Cloud, or by creating and uploading a JSON formatted script to the Workflow service. The Workflows API collection provides the necessary functionality to create, manage, and test your workflows via REST. paths: /access-profiles: get: operationId: listAccessProfiles tags: - Access Profiles summary: List access profiles description: |- Get a list of access profiles. >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. parameters: - in: query name: for-subadmin schema: type: string description: |- Filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN identity. The value of the parameter is either an identity ID or the special value **me**, which is shorthand for the calling identity's ID. If you specify an identity that isn't a subadmin, the API returns a 400 Bad Request error. example: 8c190e6787aa4ed9a90bd9d5344523fb required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **source.id**: *eq, in* Supported composite operators are *and, or* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. example: name eq "SailPoint Support" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false - in: query name: for-segment-ids schema: type: string format: comma-separated description: |- Filters access profiles to only those assigned to the segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d required: false - in: query name: include-unsegmented schema: type: boolean default: true description: Indicates whether the response list should contain unsegmented access profiles. If `for-segment-ids` is absent or empty, specifying *include-unsegmented* as `false` results in an error. example: false required: false responses: '200': description: List of access profiles. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN post: operationId: createAccessProfile tags: - Access Profiles summary: Create access profile description: |- Create an access profile. A user with `ROLE_SUBADMIN` or `SOURCE_SUBADMIN` authority must be associated with the access profile's source. The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles. However, any new access profiles as well as any updates to existing descriptions are limited to 2000 characters. >**Note:** To use this endpoint, you need all the listed scopes. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessProfile' responses: '201': description: Access profile created. content: application/json: schema: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage - idn:entitlement:read - idn:identity:read - idn:sources:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-profiles/{id}: get: operationId: getAccessProfile tags: - Access Profiles summary: Get an access profile description: This API returns an Access Profile by its ID. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string description: ID of the Access Profile example: 2c9180837ca6693d017ca8d097500149 responses: '200': description: An AccessProfile content: application/json: schema: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN patch: operationId: patchAccessProfile tags: - Access Profiles summary: Patch a specified access profile description: |- This API updates an existing Access Profile. The following fields are patchable: **name** **description** **enabled** **owner** **requestable** **accessRequestConfig** **revokeRequestConfig** **segments** **entitlements** **provisioningCriteria** **source** (must be updated with entitlements belonging to new source in the same API call) If you need to change the `source` of the access profile, you can do so only if you update the `entitlements` in the same API call. The new entitlements can only come from the target source that you want to change to. Look for the example "Replace Source" in the examples dropdown. A user with SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer. > The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. > You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source. parameters: - name: id in: path description: ID of the Access Profile to patch required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string example: 2c91808a7813090a017814121919ecca requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Add Entitlements: description: Add one or more entitlements to the end of the list value: - op: add path: /entitlements value: - id: 2c9180857725c14301772a93bb77242d type: ENTITLEMENT name: AD User Group Insert Entitlement: description: Add an entitlement at the beginning of the entitlement list value: - op: add path: /entitlements/0 value: id: 2c9180857725c14301772a93bb77242d type: ENTITLEMENT name: AD User Group Replace Entitlements: description: Replace all entitlements with a new list of entitlements value: - op: replace path: /entitlements value: - id: 2c9180857725c14301772a93bb77242d type: ENTITLEMENT name: AD User Group Remove Entitlement: description: Remove the first entitlement in the list value: - op: remove path: /entitlements/0 Replace Source: description: Change the source and the entitlements of the access profile value: - op: replace path: /source value: id: 2c9180887671ff8c01767b4671fb7d5e type: SOURCE name: Employees - op: replace path: /entitlements value: - id: 2c9180877677453d01767b4b08f63386 type: ENTITLEMENT name: DevRel required: true responses: '200': description: Responds with the Access Profile as updated. content: application/json: schema: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN delete: operationId: deleteAccessProfile tags: - Access Profiles summary: Delete the specified access profile description: |- This API deletes an existing Access Profile. The Access Profile must not be in use, for example, Access Profile can not be deleted if they belong to an Application, Life Cycle State or a Role. If it is, a 400 error is returned. A user with SOURCE_SUBADMIN must be able to administer the Source associated with the Access Profile. parameters: - name: id in: path description: ID of the Access Profile to delete required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string example: 2c91808a7813090a017814121919ecca responses: '204': $ref: '#/components/responses/204' '400': description: Returned when an access profile cannot be deleted as it's being used. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.2.1.0 Object in use by another: description: Returned when an access profile cannot be deleted as it's being used value: detailCode: 400.2.1.0 Object in use by another trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3 messages: - locale: en-US localeOrigin: DEFAULT text: The "testAccessProfile" access profile can't be deleted because it's in use. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-profiles/bulk-delete: post: operationId: deleteAccessProfilesInBulk summary: Delete access profile(s) tags: - Access Profiles description: |- This endpoint initiates a bulk deletion of one or more access profiles. When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information. This endpoint can only bulk delete up to a limit of 50 access profiles per request. By default, if any of the indicated access profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated access profiles will be deleted. A SOURCE_SUBADMIN user can only use this endpoint to delete access profiles associated with sources they're able to administer. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkDeleteRequest' example: bestEffortOnly: true accessProfileIds: - 2c91808876438bb2017668b91919ecca - 2c91808876438ba801766e129f151816 responses: '200': description: Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use. content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkDeleteResponse' example: pending: [] inUse: - accessProfileId: 2c91808876438ba801766e129f151816 usages: - type: Role id: 2c9180887643764201766e9f6e121518 '202': description: Returned if at least one deletion will be performed. content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkDeleteResponse' example: taskId: 2c91808a7813090a01781412a1119a20 pending: - 2c91808a7813090a017813fe1919ecca inUse: - accessProfileId: 2c91808876438ba801766e129f151816 usages: - type: Role id: 2c9180887643764201766e9f6e121518 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-profiles/{id}/entitlements: get: operationId: getAccessProfileEntitlements tags: - Access Profiles summary: List access profile's entitlements description: |- Use this API to get a list of an access profile's entitlements. A SOURCE_SUBADMIN user must have access to the source associated with the specified access profile. >**Note:** When you filter for access profiles that have the '+' symbol in their names, the response is blank. parameters: - name: id in: path description: ID of the access profile containing the entitlements. required: true x-sailpoint-resource-operation-id: listAccessProfiles schema: type: string example: 2c91808a7813090a017814121919ecca - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **attribute**: *eq, sw* **value**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **source.id**: *eq, in* Filtering is not supported for access profiles and entitlements that have the '+' symbol in their names. example: attribute eq "memberOf" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, attribute, value, created, modified** example: name,-modified required: false responses: '200': description: List of entitlements. content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /access-requests: post: operationId: createAccessRequest security: - userAuth: - idn:access-request:manage x-sailpoint-userLevels: - ORG_ADMIN - USER summary: Submit access request tags: - Access Requests description: | Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes. :::info The ability to request access using this API is constrained by the Access Request Segments defined in the API token’s user context. ::: Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn't return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected. It's best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren't requesting access that is already granted. If you use this API to request access that an identity already has, without changing the account details or end date information from the existing assignment, the API will cancel the request as a duplicate. There are two types of access request: __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options. * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * You can specify a `removeDate` to set or alter a sunset date-time on an assignment. The removeDate must be a future date-time, in the UTC timezone. Additionally, if the user already has the access assigned with a sunset date, you can also submit a request without a `removeDate` to request removal of the sunset date and time. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Now supports an alternate field 'requestedForWithRequestedItems' for users to specify account selections while requesting items where they have more than one account on the source. :::caution If any entitlements are being requested, then the maximum number of entitlements that can be requested is 25, and the maximum number of identities that can be requested for is 10. If you exceed these limits, the request will fail with a 400 error. If you are not requesting any entitlements, then there are no limits. ::: __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning. * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the requested role, access profile, or entitlement will be removed on that date and time. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` to add or alter a sunset date and time on an assignment. The `removeDate` must be a future date-time, in the UTC timezone. If the user already has the access assigned with a sunset date and time, the removeDate must be a date-time earlier than the existing sunset date and time. * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of 'assignmentId' and 'nativeIdentity' fields. These fields should be used within the 'requestedItems' section for the revoke requests. * Usage of 'requestedForWithRequestedItems' field is not supported for revoke requests. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequest' responses: '202': description: Access Request Response. content: application/json: schema: $ref: '#/components/schemas/AccessRequestResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-requests/cancel: post: operationId: cancelAccessRequest security: - userAuth: - idn:access-request:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Access Requests summary: Cancel access request description: |- This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step. In addition to users with ORG_ADMIN, any user who originally submitted the access request may cancel it. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CancelAccessRequest' example: accountActivityId: 2c91808568c529c60168cca6f90c1313 comment: I requested this role by mistake. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-requests/close: post: operationId: closeAccessRequest tags: - Access Requests summary: Close access request security: - userAuth: [] x-sailpoint-userLevels: - ORG_ADMIN description: | This endpoint closes access requests that are stuck in a pending state. It can be used throughout a request's lifecycle even after the approval state, unlike the [Cancel Access Request endpoint](https://developer.sailpoint.com/idn/api/v3/cancel-access-request/). To find pending access requests with the UI, navigate to Search and use this query: status: Pending AND "Access Request". Use the Column Chooser to select 'Tracking Number', and use the 'Download' button to export a CSV containing the tracking numbers. To find pending access requests with the API, use the [List Account Activities endpoint](https://developer.sailpoint.com/idn/api/v3/list-account-activities/). Input the IDs from either source. To track the status of endpoint requests, navigate to Search and use this query: name:"Close Identity Requests". Search will include "Close Identity Requests Started" audits when requests are initiated and "Close Identity Requests Completed" audits when requests are completed. The completion audit will list the identity request IDs that finished in error. This API triggers the [Provisioning Completed event trigger](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed/) for each access request that is closed. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CloseAccessRequest' example: accessRequestIds: - 2c90ad2a70ace7d50170acf22ca90010 executionStatus: Terminated completionStatus: Failure message: The IdentityNow Administrator manually closed this request. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-requests/bulk-cancel: post: operationId: cancelAccessRequestInBulk security: - userAuth: - idn:access-request-administration:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Access Requests summary: Bulk cancel access request description: |- This API endpoint allows cancelling pending access requests in bulk. Maximum of 50 access request ids can be provided in the request for one single invocation. Only ORG_ADMIN or users with rights "idn:access-request-administration:write" can cancel the access requests in bulk. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/BulkCancelAccessRequest' example: accessRequestIds: - 2c91808568c529c60168cca6f90c1313 - 2c91808568c529c60168cca6f90c1314 comment: I requested this role by mistake. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-requests/accounts-selection: post: operationId: loadAccountSelections security: - userAuth: - idn:access-request:manage x-sailpoint-userLevels: - ORG_ADMIN - USER summary: Get accounts selections for identity tags: - Access Requests description: | Use this API to fetch account information for an identity against the items in an access request. Used to fetch accountSelection for the AccessRequest prior to submitting for async processing. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountsSelectionRequest' responses: '200': description: Accounts Selection Response content: application/json: schema: $ref: '#/components/schemas/AccountsSelectionResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /access-request-config: get: operationId: getAccessRequestConfig security: - userAuth: - idn:access-request-config:read summary: Get access request configuration tags: - Access Requests description: This endpoint returns the current access-request configuration. responses: '200': description: Access Request Configuration Details. content: application/json: schema: $ref: '#/components/schemas/AccessRequestConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setAccessRequestConfig security: - userAuth: - idn:access-request-config:manage x-sailpoint-userLevels: - ORG_ADMIN summary: Update access request configuration tags: - Access Requests description: This endpoint replaces the current access-request configuration. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestConfig' responses: '200': description: Access Request Configuration Details. content: application/json: schema: $ref: '#/components/schemas/AccessRequestConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-status: get: operationId: listAccessRequestStatus security: - userAuth: - idn:access-request-status:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Access Requests summary: Access request status description: |- Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request. These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users. parameters: - in: query name: requested-for schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false - in: query name: requested-by schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false - in: query name: regarding-identity schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. required: false - in: query name: assigned-to schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user. required: false - in: query name: count description: If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored. required: false schema: type: boolean default: false example: false - in: query name: limit description: Max number of results to return. required: false schema: type: integer format: int32 minimum: 0 maximum: 250 default: 250 example: 100 - in: query name: offset description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified. required: false schema: type: integer format: int32 minimum: 0 example: 10 - in: query name: filters schema: type: string example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **accessRequestId**: *eq, in, ge, gt, le, lt, ne, sw* **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw* required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified, accountActivityItemId, name** example: created required: false - in: query name: request-state schema: type: string example: request-state=EXECUTING description: Filter the results by the state of the request. The only valid value is *EXECUTING*. required: false responses: '200': description: List of requested item statuses. content: application/json: schema: type: array items: $ref: '#/components/schemas/RequestedItemStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-administration: get: operationId: listAdministratorsAccessRequestStatus security: - userAuth: - idn:access-request-administration:read x-sailpoint-userLevels: - ORG_ADMIN - idn:access-request-administration:read tags: - Access Requests summary: Access request status for administrators description: |- Use this API to get access request statuses of all the access requests in the org based on the specified query parameters. Any user with user level ORG_ADMIN or scope idn:access-request-administration:read can access this endpoint to get the access request statuses parameters: - in: header name: X-SailPoint-Experimental description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true - in: query name: requested-for schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false - in: query name: requested-by schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false - in: query name: regarding-identity schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. required: false - in: query name: assigned-to schema: type: string example: 2c9180877b2b6ea4017b2c545f971429 description: Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user. required: false - in: query name: count description: If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored. required: false schema: type: boolean default: false example: false - in: query name: limit description: Max number of results to return. required: false schema: type: integer format: int32 minimum: 0 maximum: 250 default: 250 example: 100 - in: query name: offset description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified. required: false schema: type: integer format: int32 minimum: 0 example: 10 - in: query name: filters schema: type: string example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **accessRequestId**: *in* **status**: *in, eq, ne* **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw* required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified, accountActivityItemId, name, accessRequestId** example: created required: false - in: query name: request-state schema: type: string example: request-state=EXECUTING description: Filter the results by the state of the request. The only valid value is *EXECUTING*. required: false responses: '200': description: List of requested item statuses. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestAdminItemStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/pending: get: operationId: listPendingApprovals security: - userAuth: - idn:access-request-approvals:read x-sailpoint-userLevels: - ORG_ADMIN summary: Pending access request approvals list tags: - Access Request Approvals description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info. parameters: - in: query name: owner-id schema: type: string description: |- If present, the value returns only pending approvals for the specified identity. * ORG_ADMIN users can call this with any identity ID value. * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. example: 2c91808568c529c60168cca6f90c1313 required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **requestedFor.id**: *eq, in* **modified**: *gt, lt, ge, le, eq, in* **accessRequestId**: *eq, in* **created**: *gt, lt, ge, le, eq, in* example: id eq "2c91808568c529c60168cca6f90c1313" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified** example: modified responses: '200': description: List of Pending Approvals. content: application/json: schema: type: array items: $ref: '#/components/schemas/PendingApproval' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/completed: get: operationId: listCompletedApprovals summary: Completed access request approvals list tags: - Access Request Approvals description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info. security: - userAuth: - idn:access-request-approvals:read parameters: - in: query name: owner-id required: false schema: type: string description: |- If present, the value returns only completed approvals for the specified identity. * ORG_ADMIN users can call this with any identity ID value. * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. example: 2c91808568c529c60168cca6f90c1313 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **requestedFor.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **modified**: *gt, lt, ge, le, eq, in, ne, sw* example: id eq "2c91808568c529c60168cca6f90c1313" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified** example: modified responses: '200': description: List of Completed Approvals. content: application/json: schema: type: array items: $ref: '#/components/schemas/CompletedApproval' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/{approvalId}/approve: post: operationId: approveAccessRequest security: - userAuth: - idn:access-request-approvals:manage x-sailpoint-userLevels: - ORG_ADMIN - APPROVAL_OWNER summary: Approve access request approval tags: - Access Request Approvals description: Use this endpoint to approve an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. parameters: - in: path name: approvalId schema: type: string required: true x-sailpoint-resource-operation-id: listPendingApprovals description: Approval ID. example: 2c91808b7294bea301729568c68c002e requestBody: description: Reviewer's comment. required: false content: application/json: schema: $ref: '#/components/schemas/CommentDto' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/{approvalId}/reject: post: operationId: rejectAccessRequest summary: Reject access request approval tags: - Access Request Approvals description: Use this API to reject an access request approval. Only the owner of the approval and admin users are allowed to perform this action. parameters: - in: path name: approvalId schema: type: string required: true x-sailpoint-resource-operation-id: listPendingApprovals description: Approval ID. example: 2c91808b7294bea301729568c68c002e requestBody: description: Reviewer's comment. required: true content: application/json: schema: $ref: '#/components/schemas/CommentDto' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-request-approvals:manage /access-request-approvals/{approvalId}/forward: post: operationId: forwardAccessRequest summary: Forward access request approval tags: - Access Request Approvals description: Use this API to forward an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. parameters: - in: path name: approvalId schema: type: string required: true x-sailpoint-resource-operation-id: listPendingApprovals description: Approval ID. example: 2c91808b7294bea301729568c68c002e requestBody: description: Information about the forwarded approval. required: true content: application/json: schema: $ref: '#/components/schemas/ForwardApprovalDto' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-request-approvals:manage /access-request-approvals/approval-summary: get: operationId: getAccessRequestApprovalSummary security: - userAuth: - idn:access-request-approvals:read summary: Get access requests approvals number tags: - Access Request Approvals description: Use this API to return the number of pending, approved and rejected access requests approvals. See the "owner-id" query parameter for authorization information. info. parameters: - in: query name: owner-id schema: type: string description: |- The ID of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity. * ORG_ADMIN users can call this with any identity ID value. * ORG_ADMIN user can also fetch all the approvals in the org, when owner-id is not used. * Non ORG_ADMIN users can only specify *me* or pass their own identity ID value. example: 2c91808568c529c60168cca6f90c1313 required: false - in: query name: from-date schema: type: string description: This is the date and time the results will be shown from. It must be in a valid ISO-8601 format. example: from-date=2020-03-19T19:59:11Z required: false responses: '200': description: Number of pending, approved, rejected access request approvals. content: application/json: schema: $ref: '#/components/schemas/ApprovalSummary' '400': description: Client Error - Returned if the query parameter is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/bulk-approve: post: operationId: approveBulkAccessRequest security: - userAuth: - idn:access-request:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Access Requests summary: Bulk approve access request description: This API endpoint allows approving pending access requests in bulk. Maximum of 50 approval ids can be provided in the request for one single invocation. ORG_ADMIN or users with rights "idn:access-request-administration:write" can approve the access requests in bulk. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/BulkApproveAccessRequest' example: accessRequestIds: - 2c91808568c529c60168cca6f90c1313 - 2c91808568c529c60168cca6f90c1314 comment: I approve these request items responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-request-approvals/{accessRequestId}/approvers: get: operationId: listAccessRequestApprovers security: - userAuth: - idn:access-request-administration:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Access Request Approvals summary: Access request approvers description: | This API endpoint returns the list of approvers for the given access request id. parameters: - in: path name: accessRequestId description: Access Request ID. required: true x-sailpoint-resource-operation-id: listPendingApprovals schema: type: string example: 2c91808568c529c60168cca6f90c1313 - in: query name: limit description: Max number of results to return. required: false schema: type: integer format: int32 minimum: 0 maximum: 250 default: 250 example: 100 - in: query name: offset description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified. required: false schema: type: integer format: int32 minimum: 0 example: 10 - in: query name: count description: If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored. required: false schema: type: boolean default: false example: false responses: '200': description: List of Approvers. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestApproversListResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts: get: operationId: listAccounts tags: - Accounts summary: Accounts list description: 'List accounts. ' security: - userAuth: - idn:accounts:read - idn:accounts:manage - applicationAuth: - idn:accounts:read - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: detailLevel required: false schema: type: string enum: - SLIM - FULL description: This value determines whether the API provides `SLIM` or increased level of detail (`FULL`) for each account in the returned list. `FULL` is the default behavior. example: FULL - in: query name: filters required: false schema: type: string example: identityId eq "2c9180858082150f0180893dbaf44201" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **identityId**: *eq, in, sw* **name**: *eq, in, sw* **nativeIdentity**: *eq, in, sw* **hasEntitlements**: *eq* **sourceId**: *eq, in, sw* **uncorrelated**: *eq* **entitlements**: *eq* **origin**: *eq, in* **manuallyCorrelated**: *eq* **identity.name**: *eq, in, sw* **identity.correlated**: *eq* **identity.identityState**: *eq, in* **source.displayableName**: *eq, in* **source.authoritative**: *eq* **source.connectionType**: *eq, in* **recommendation.method**: *eq, in, isnull* **created**: *eq, ge, gt, le, lt* **modified**: *eq, ge, gt, le, lt* - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, nativeIdentity, uuid, manuallyCorrelated, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType** responses: '200': description: List of account objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/Account' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createAccount tags: - Accounts summary: Create account description: | Submit an account creation task - the API then returns the task ID. You must include the `sourceId` where the account will be created in the `attributes` object. This endpoint creates an account on the source record in your ISC tenant. This is useful for Flat File (`DelimitedFile`) type sources because it allows you to aggregate new accounts without needing to import a new CSV file every time. However, if you use this endpoint to create an account for a Direct Connection type source, you must ensure that the account also exists on the target source. The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant. By providing the account ID of an existing account in the request body, this API will function as a PATCH operation and update the account. security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountAttributesCreate' responses: '202': description: Async task details. content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}: get: operationId: getAccount tags: - Accounts summary: Account details description: 'Use this API to return the details for a single account by its ID. ' security: - userAuth: - idn:accounts:read - idn:accounts:manage - applicationAuth: - idn:accounts:read - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Account object. content: application/json: schema: $ref: '#/components/schemas/Account' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateAccount tags: - Accounts summary: Update account description: | Use this API to update account details. This API supports updating an account's correlation by modifying the `identityId` and `manuallyCorrelated` fields. To reassign an account from one identity to another, replace the current `identityId` with a new value. If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account for the previous identity as soon as the account is moved. If the account you're assigning is authoritative, this causes the previous identity to become uncorrelated and can even result in its deletion. All accounts that are reassigned will be set to `manuallyCorrelated: true` unless you specify otherwise. >**Note:** The `attributes` field can only be modified for flat file accounts. security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: type: object examples: Uncorrelate account: description: Remove account from Identity value: - op: remove path: /identityId Reassign account: description: Move account from one Identity to another Identity value: - op: replace path: /identityId value: 2c9180857725c14301772a93bb77242d Add account attribute: description: Add flat file account's attribute value: - op: add path: /attributes/familyName value: Smith Replace account attribute: description: Replace flat file account's attribute value: - op: replace path: /attributes/familyName value: Smith Remove account attribute: description: Remove flat file account's attribute value: - op: remove path: /attributes/familyName responses: '202': description: Accepted. Update request accepted and is in progress. $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putAccount tags: - Accounts summary: Update account description: | Use this API to update an account with a PUT request. This endpoint submits an account update task and returns the task ID. >**Note: You can only use this PUT endpoint to update accounts from flat file sources.** security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountAttributes' responses: '202': description: Async task details. content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteAccount tags: - Accounts summary: Delete account description: |- Use this API to delete an account. This endpoint submits an account delete task and returns the task ID. This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you [disable accounts](https://developer.sailpoint.com/idn/api/v3/disable-account) rather than delete them. This will also allow you to reenable the accounts in the future. >**NOTE: You can only delete accounts from sources of the "DelimitedFile" type.** security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: Account ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Async task details. content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/entitlements: get: operationId: getAccountEntitlements tags: - Accounts summary: Account entitlements description: 'This API returns entitlements of the account. ' security: - userAuth: - idn:accounts:read - idn:accounts:manage - applicationAuth: - idn:accounts:read - idn:accounts:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An array of account entitlements content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/reload: post: operationId: submitReloadAccount tags: - Accounts summary: Reload account description: 'This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. ' security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/enable: post: operationId: enableAccount tags: - Accounts summary: Enable account description: 'This API submits a task to enable account and returns the task ID. ' security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountToggleRequest' responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/disable: post: operationId: disableAccount tags: - Accounts summary: Disable account description: 'This API submits a task to disable the account and returns the task ID. ' security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpont-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountToggleRequest' responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/unlock: post: operationId: unlockAccount tags: - Accounts summary: Unlock account description: |- This API submits a task to unlock an account and returns the task ID. To use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required. security: - userAuth: - idn:accounts-state:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountUnlockRequest' responses: '202': description: Async task details content: application/json: schema: $ref: '#/components/schemas/AccountsAsyncResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/remove: post: operationId: deleteAccountAsync summary: Remove account tags: - Accounts description: | Use this endpoint to remove accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation. This endpoint is good for: * Removing accounts that no longer exist on the source. * Removing accounts that won't be aggregated following updates to the source configuration. * Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc. x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccounts description: The account id example: c350d6aa4f104c61b062cb632421ad10 responses: '202': description: Accepted. Returns task result details of removal request. content: application/json: schema: $ref: '#/components/schemas/TaskResultDto' example: type: TASK_RESULT id: 464ae7bf791e49fdb74606a2e4a89635 name: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:accounts:manage - applicationAuth: - idn:accounts:manage /account-activities: get: operationId: listAccountActivities tags: - Account Activities summary: List account activities description: This gets a collection of account activities that satisfy the given query parameters. parameters: - in: query name: requested-for schema: type: string description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false example: 2c91808568c529c60168cca6f90c1313 - in: query name: requested-by schema: type: string description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*. required: false example: 2c91808568c529c60168cca6f90c1313 - in: query name: regarding-identity schema: type: string description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. required: false example: 2c91808568c529c60168cca6f90c1313 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **type**: *eq, in, ge, le, lt, ne, isnull, sw* **created**: *gt, lt, ge, le, eq, in, ne, isnull, sw* **modified**: *gt, lt, ge, le, eq, in, ne, isnull, sw* example: type eq "Identity Refresh" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **type, created, modified** example: created required: false responses: '200': description: List of account activities content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountActivity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /account-activities/{id}: get: operationId: getAccountActivity tags: - Account Activities summary: Get an account activity description: This gets a single account activity by its id. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAccountActivities description: The account activity id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An account activity object content: application/json: schema: $ref: '#/components/schemas/AccountActivity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /account-aggregations/{id}/status: get: operationId: getAccountAggregationStatus tags: - Account Aggregations summary: In-progress account aggregation status security: - userAuth: [] x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN description: |- This API returns the status of an *in-progress* account aggregation, along with the total number of **NEW**, **CHANGED** and **DELETED** accounts found since the previous aggregation, and the number of those accounts that have been processed so far. Accounts that have not changed since the previous aggregation are not included in **totalAccounts** and **processedAccounts** counts returned by this API. This is distinct from **Accounts Scanned** shown in the Aggregation UI, which indicates total accounts scanned regardless of whether they changed or not. Since this endpoint reports on the status of an *in-progress* account aggregation, totalAccounts and processedAccounts may change between calls to this endpoint. *Only available up to an hour after the aggregation completes. May respond with *404 Not Found* after that.* required to call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getTaskStatusList description: The account aggregation id example: 2c91808477a6b0c60177a81146b8110b responses: '200': description: An account aggregation status object content: application/json: schema: $ref: '#/components/schemas/AccountAggregationStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-org/network-config: get: operationId: getAuthOrgNetworkConfig tags: - Global Tenant Security Settings summary: Get security network configuration. description: This API returns the details of an org's network auth configuration. security: - userAuth: - sp:auth-org:read - applicationAuth: - sp:auth-org:read responses: '200': description: Network configuration for the tenant's auth org. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createAuthOrgNetworkConfig tags: - Global Tenant Security Settings summary: Create security network configuration. description: 'This API returns the details of an org''s network auth configuration. Requires security scope of: ''sp:auth-org:manage''' security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage requestBody: required: true description: |- Network configuration creation request body. The following constraints ensure the request body conforms to certain logical guidelines, which are: 1. Each string element in the range array must be a valid ip address or ip subnet mask. 2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' responses: '200': description: Network configuration for the tenant. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthOrgNetworkConfig tags: - Global Tenant Security Settings summary: Update security network configuration. description: |- This API updates an existing network configuration for an org using PATCH Requires security scope of: 'sp:auth-org:manage' security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage requestBody: required: true description: |- A list of auth org network configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Network Config conforms to certain logical guidelines, which are: 1. Each string element in the range array must be a valid ip address or ip subnet mask. 2. Each string element in the geolocation array must be 2 characters, and they can only be uppercase letters. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /whitelisted value: false, - op: add path: /geolocation value: - AF - HN - ES responses: '200': description: Updated Auth Org network configuration. content: application/json: schema: $ref: '#/components/schemas/NetworkConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-org/lockout-config: get: operationId: getAuthOrgLockoutConfig tags: - Global Tenant Security Settings summary: Get auth org lockout configuration. description: This API returns the details of an org's lockout auth configuration. security: - userAuth: - sp:auth-org:read - applicationAuth: - sp:auth-org:read responses: '200': description: Lockout configuration for the tenant's auth org. content: application/json: schema: $ref: '#/components/schemas/LockoutConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthOrgLockoutConfig tags: - Global Tenant Security Settings summary: Update auth org lockout configuration description: | This API updates an existing lockout configuration for an org using PATCH security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK requestBody: required: true description: |- A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are: `1. maximumAttempts >= 1 && maximumAttempts <= 15 2. lockoutDuration >= 5 && lockoutDuration <= 60 3. lockoutWindow >= 5 && lockoutDuration <= 60` content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /maximumAttempts value: 7, - op: add path: /lockoutDuration value: 35 responses: '200': description: Updated Auth Org lockout configuration. content: application/json: schema: $ref: '#/components/schemas/LockoutConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-org/service-provider-config: get: operationId: getAuthOrgServiceProviderConfig tags: - Global Tenant Security Settings summary: Get service provider configuration. description: This API returns the details of an org's service provider auth configuration. responses: '200': description: Service provider configuration for the tenant. content: application/json: schema: $ref: '#/components/schemas/ServiceProviderConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - 'sp:auth-org:read ' - applicationAuth: - 'sp:auth-org:read ' patch: operationId: patchAuthOrgServiceProviderConfig tags: - Global Tenant Security Settings summary: Update service provider configuration description: This API updates an existing service provider configuration for an org using PATCH. requestBody: required: true description: |- A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are: 1. Do not add or remove any elements in the federation protocol details in the service provider configuration. 2. Do not modify, add, or delete the service provider details element in the federation protocol details. 3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails. 4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID. 5. Any JIT configuration update must be valid. Just in time configuration update must be valid when enabled. This includes: - A Source ID - Source attribute mappings - Source attribute maps have all the required key values (firstName, lastName, email) content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /enabled value: true, - op: add path: /federationProtocolDetails/0/jitConfiguration value: enabled: true sourceId: 2c9180857377ed2901739c12a2da5ac8 sourceAttributeMappings: firstName: okta.firstName lastName: okta.lastName email: okta.email employeeNumber: okta.employeeNumber responses: '200': description: Auth Org Service Provider configuration updated. content: application/json: schema: $ref: '#/components/schemas/ServiceProviderConfiguration' '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: firstName is required; accountName is required; 400.1.3 Illegal value: description: Response for Illegal value value: detailCode: 400.1.3 Illegal value trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: JIT source id is invalid. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage /auth-org/session-config: get: operationId: getAuthOrgSessionConfig tags: - Global Tenant Security Settings summary: Get auth org session configuration. description: This API returns the details of an org's session auth configuration. security: - userAuth: - sp:auth-org:read - applicationAuth: - sp:auth-org:read responses: '200': description: Session configuration for the tenant's auth org. content: application/json: schema: $ref: '#/components/schemas/SessionConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthOrgSessionConfig tags: - Global Tenant Security Settings summary: Update auth org session configuration description: This API updates an existing session configuration for an org using PATCH. security: - userAuth: - sp:auth-org:manage - applicationAuth: - sp:auth-org:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK requestBody: required: true description: | A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Session Config conforms to certain logical guidelines, which are: `1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week) 2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day) 3. maxSessionTime must have a greater duration than maxIdleTime.` content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /rememberMe value: true, - op: add path: /maxSessionTime value: 480 responses: '200': description: Updated Auth Org session configuration. content: application/json: schema: $ref: '#/components/schemas/SessionConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /auth-users/{id}: get: operationId: getAuthUser tags: - Auth Users summary: Auth user details description: Return the specified user's authentication system details. parameters: - in: path name: id description: Identity ID required: true x-sailpoint-resource-operation-id: listIdentities schema: type: string example: ef38f94347e94562b5bb8424a56397d8 security: - userAuth: - sp:auth-user:read responses: '200': description: The specified user's authentication system details. content: application/json: schema: $ref: '#/components/schemas/AuthUser' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchAuthUser tags: - Auth Users summary: Auth user update description: |- Use a PATCH request to update an existing user in the authentication system. Use this endpoint to modify these fields: * `capabilities` A '400.1.1 Illegal update attempt' detail code indicates that you attempted to PATCH a field that is not allowed. security: - userAuth: - sp:auth-user:manage parameters: - in: path name: id description: Identity ID required: true x-sailpoint-resource-operation-id: listIdentities schema: type: string example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /capabilities value: - ORG_ADMIN responses: '200': description: Auth user updated. content: application/json: schema: $ref: '#/components/schemas/AuthUser' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /brandings: get: operationId: getBrandingList tags: - Branding summary: List of branding items description: This API endpoint returns a list of branding items. security: - userAuth: - idn:branding:read - applicationAuth: - idn:branding:read x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: A list of branding items. content: application/json: schema: type: array items: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createBrandingItem tags: - Branding summary: Create a branding item description: This API endpoint creates a branding item. requestBody: required: true content: multipart/form-data: schema: $ref: '#/components/schemas/BrandingItemCreate' security: - userAuth: - idn:branding:manage - applicationAuth: - idn:branding:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '201': description: Branding item created content: application/json: schema: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /brandings/{name}: get: operationId: getBranding tags: - Branding summary: Get a branding item description: 'This API endpoint retrieves information for an existing branding item by name. ' security: - userAuth: - idn:branding:read - applicationAuth: - idn:branding:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: name schema: type: string required: true x-sailpoint-resource-operation-id: getBrandingList description: The name of the branding item to be retrieved example: default responses: '200': description: A branding item object content: application/json: schema: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setBrandingItem tags: - Branding summary: Update a branding item description: This API endpoint updates information for an existing branding item. parameters: - in: path name: name schema: type: string required: true x-sailpoint-resource-operation-id: getBrandingList description: The name of the branding item to be retrieved example: default requestBody: required: true content: multipart/form-data: schema: $ref: '#/components/schemas/BrandingItemCreate' security: - userAuth: - idn:branding:manage - applicationAuth: - idn:branding:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: Branding item updated content: application/json: schema: $ref: '#/components/schemas/BrandingItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteBranding tags: - Branding summary: Delete a branding item description: 'This API endpoint delete information for an existing branding item by name. ' security: - userAuth: - idn:branding:manage - applicationAuth: - idn:branding:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: name schema: type: string required: true x-sailpoint-resource-operation-id: getBrandingList description: The name of the branding item to be deleted example: default responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns: get: operationId: getActiveCampaigns tags: - Certification Campaigns summary: List campaigns description: | Use this API to get a list of campaigns. This API can provide increased level of detail for each campaign for the correct provided query. security: - userAuth: - idn:campaign:read - idn:campaign:manage - idn:campaign-report:read - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: query name: detail schema: type: string enum: - SLIM - FULL required: false description: Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior. example: FULL - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **status**: *eq, in* example: name eq "Manager Campaign" - in: query name: sorters schema: type: string format: comma-separated required: false description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created** example: name responses: '200': description: A list of campaign objects. By default list of SLIM campaigns is returned. content: application/json: schema: type: array items: anyOf: - $ref: '#/components/schemas/Campaign-2' - $ref: '#/components/schemas/SlimCampaign' examples: Slim Campaign: $ref: '#/components/examples/SlimCampaigns' Full Campaign: $ref: '#/components/examples/FullCampaigns' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createCampaign tags: - Certification Campaigns summary: Create a campaign description: | Use this API to create a certification campaign with the information provided in the request body. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Campaign-2' examples: Manager: $ref: '#/components/examples/CreateCampaignManager' Search: $ref: '#/components/examples/CreateCampaignSearch' Source Owner: $ref: '#/components/examples/CreateCampaignSourceOwner' Role Composition: $ref: '#/components/examples/CreateCampaignRoleComposition' Machine Account: $ref: '#/components/examples/CreateCampaignMachineAccount' responses: '202': description: This response indicates that the requested campaign has been successfully accepted into the system, and its representation is returned by the API. content: application/json: schema: $ref: '#/components/schemas/Campaign-2' examples: Manager: $ref: '#/components/examples/FullCampaignManager' Search: $ref: '#/components/examples/FullCampaignSearch' Source Owner: $ref: '#/components/examples/FullCampaignSourceOwner' Role Composition: $ref: '#/components/examples/FullCampaignRoleComposition' Machine Account Owner: $ref: '#/components/examples/FullCampaignMachineAccount' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}: get: operationId: getCampaign tags: - Certification Campaigns summary: Get campaign description: | Use this API to get information for an existing certification campaign by the campaign's ID. security: - userAuth: - idn:campaign:read - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign to be retrieved. example: 2c91808571bcfcf80171c23e4b4221fc - in: query name: detail schema: type: string enum: - SLIM - FULL required: false description: Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior. example: FULL responses: '200': description: Requested campaign object. content: application/json: schema: anyOf: - $ref: '#/components/schemas/SlimCampaign' - $ref: '#/components/schemas/Campaign-2' examples: Manager: $ref: '#/components/examples/SlimCampaignManager' Search: $ref: '#/components/examples/SlimCampaignSearch' Source Owner: $ref: '#/components/examples/SlimCampaignSourceOwner' RoleComposition: $ref: '#/components/examples/SlimCampaignRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateCampaign tags: - Certification Campaigns summary: Update a campaign description: | Use this API to update individual fields on a certification campaign, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. security: - userAuth: - idn:campaign:read - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign template being modified. example: 2c91808571bcfcf80171c23e4b4221fc requestBody: required: true description: | A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The fields that can be patched differ based on the status of the campaign. When the campaign is in the *STAGED* status, you can patch these fields: * name * description * recommendationsEnabled * deadline * emailNotificationEnabled * autoRevokeAllowed When the campaign is in the *ACTIVE* status, you can patch these fields: * deadline content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: This field has been updated! - op: copy from: /name path: /description responses: '200': description: This response indicates that the PATCH operation succeeded, and the API returns the campaign's new representation. content: application/json: schema: $ref: '#/components/schemas/SlimCampaign' examples: Manager: $ref: '#/components/examples/SlimCampaignManager' Search: $ref: '#/components/examples/SlimCampaignSearch' Source Owner: $ref: '#/components/examples/SlimCampaignSourceOwner' RoleComposition: $ref: '#/components/examples/SlimCampaignRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/reassign: post: security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN operationId: move tags: - Certification Campaigns summary: Reassign certifications description: | This API reassigns the specified certifications from one identity to another. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: The certification campaign ID example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AdminReviewReassign' responses: '202': description: The reassign task that has been submitted. content: application/json: schema: $ref: '#/components/schemas/CertificationTask' example: id: 2c918086719eec070171a7e3355a360a type: ADMIN_REASSIGN targetType: CAMPAIGN targetId: 2c918086719eec070171a7e3355a834c status: QUEUED errors: [] created: '2020-09-24T18:10:47.693Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/activate: post: operationId: startCampaign tags: - Certification Campaigns summary: Activate a campaign description: | Use this API to submit a job to activate the certified campaign with the specified ID. The campaign must be staged. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: description: Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller's timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format. required: false content: application/json: schema: $ref: '#/components/schemas/ActivateCampaignOptions' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: Campaign ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/complete: post: operationId: completeCampaign tags: - Certification Campaigns summary: Complete a campaign description: | :::caution This endpoint will run successfully for any campaigns that are **past due**. This endpoint will return a content error if the campaign is **not past due**. ::: Use this API to complete a certification campaign. This functionality is provided to admins so that they can complete a certification even if all items have not been completed. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: description: Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE required: false content: application/json: schema: $ref: '#/components/schemas/CampaignCompleteOptions' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: Campaign ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/delete: post: operationId: deleteCampaigns tags: - Certification Campaigns summary: Delete campaigns description: | Use this API to delete certification campaigns whose IDs are specified in the provided list of campaign IDs. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: description: IDs of the campaigns to delete. required: true content: application/json: schema: $ref: '#/components/schemas/CampaignsDeleteRequest' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/run-remediation-scan: post: operationId: startCampaignRemediationScan tags: - Certification Campaigns summary: Run campaign remediation scan description: | Use this API to run a remediation scan task for a certification campaign. security: - userAuth: - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: path name: id schema: type: string example: 2c91808571bcfcf80171c23e4b4221fc required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign the remediation scan is being run for. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/reports: get: operationId: getCampaignReports tags: - Certification Campaigns summary: Get campaign reports description: | Use this API to fetch all reports for a certification campaign by campaign ID. security: - userAuth: - idn:campaign-report:read - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: path name: id schema: type: string example: 2c91808571bcfcf80171c23e4b4221fc required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign whose reports are being fetched. responses: '200': description: Array of campaign report objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/CampaignReport' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/{id}/run-report/{type}: post: operationId: startCampaignReport tags: - Certification Campaigns summary: Run campaign report description: | Use this API to run a report for a certification campaign. security: - userAuth: - idn:campaign-report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN parameters: - in: path name: id schema: type: string example: 2c91808571bcfcf80171c23e4b4221fc required: true x-sailpoint-resource-operation-id: getActiveCampaigns description: ID of the campaign the report is being run for. - in: path name: type schema: $ref: '#/components/schemas/ReportType' required: true description: Type of the report to run. responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaigns/reports-configuration: get: operationId: getCampaignReportsConfig tags: - Certification Campaigns summary: Get campaign reports configuration description: | Use this API to fetch the configuration for certification campaign reports. The configuration includes only one element - identity attributes defined as custom report columns. security: - userAuth: - idn:campaign:read - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN responses: '200': description: Campaign report configuration. content: application/json: schema: $ref: '#/components/schemas/CampaignReportsConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setCampaignReportsConfig tags: - Certification Campaigns summary: Set campaign reports configuration description: | Use this API to overwrite the configuration for campaign reports. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: required: true description: Campaign report configuration. content: application/json: schema: $ref: '#/components/schemas/CampaignReportsConfig' responses: '200': description: The persisted campaign report configuration. content: application/json: schema: $ref: '#/components/schemas/CampaignReportsConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-filters: post: operationId: createCampaignFilter tags: - Certification Campaign Filters summary: Create campaign filter description: Use this API to create a campaign filter based on filter details and criteria. security: - userAuth: - idn:campaign-filter:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' responses: '200': description: Created successfully. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listCampaignFilters tags: - Certification Campaign Filters summary: List campaign filters description: Use this API to list all campaign filters. You can reduce scope with standard V3 query parameters. security: - userAuth: - idn:campaign-filter:manage parameters: - $ref: '#/components/parameters/limit' - in: query name: start description: Start/Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 0 schema: type: integer format: int32 minimum: 0 default: 0 - in: query name: includeSystemFilters description: 'If this is true, the API includes system filters in the count and results. Otherwise it excludes them. If no value is provided, the default is true. ' required: false example: true schema: type: boolean default: true responses: '200': description: List of campaign filter objects. content: application/json: schema: type: object properties: items: type: array description: List of campaign filters. items: $ref: '#/components/schemas/CampaignFilterDetails' count: type: integer description: Number of filters returned. example: 2 example: items: - id: 5b8a2ba86393dd174495c4436dd76b25 name: IdentityAttribute Inclusion Campaign Filter description: IdentityAttribute Inclusion Campaign Filter owner: SailPoint Support mode: INCLUSION criteriaList: - type: IDENTITY_ATTRIBUTE property: displayName value: '#' operation: CONTAINS negateResult: false shortCircuit: false recordChildMatches: false id: null suppressMatchedItems: false children: null isSystemFilter: false - id: e9f9a1397b842fd5a65842087040d3ac name: Exclusion Campaign Filter description: Campaign filter for Exclusion update owner: SailPoint Support mode: EXCLUSION criteriaList: - type: IDENTITY_ATTRIBUTE property: displayName value: '#@' operation: CONTAINS negateResult: false shortCircuit: false recordChildMatches: false id: null suppressMatchedItems: false children: null isSystemFilter: false count: 2 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-filters/{id}: get: operationId: getCampaignFilterById tags: - Certification Campaign Filters summary: Get campaign filter by id description: Retrieves information for an existing campaign filter using the filter's ID. security: - userAuth: - idn:campaign-filter:read parameters: - in: path name: id schema: type: string example: e9f9a1397b842fd5a65842087040d3ac required: true x-sailpoint-resource-operation-id: listCampaignFilters description: The ID of the campaign filter to be retrieved. responses: '200': description: A campaign filter object. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: updateCampaignFilter tags: - Certification Campaign Filters summary: Updates a campaign filter description: Updates an existing campaign filter using the filter's ID. security: - userAuth: - idn:campaign-filter:manage parameters: - in: path name: filterId schema: type: string example: e9f9a1397b842fd5a65842087040d3ac required: true x-sailpoint-resource-operation-id: listCampaignFilters description: The ID of the campaign filter being modified. requestBody: required: true description: A campaign filter details with updated field values. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' responses: '200': description: Created successfully. content: application/json: schema: $ref: '#/components/schemas/CampaignFilterDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-filters/delete: post: operationId: deleteCampaignFilters tags: - Certification Campaign Filters summary: Deletes campaign filters description: Deletes campaign filters whose Ids are specified in the provided list of campaign filter Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN. security: - userAuth: - idn:campaign-filter:manage requestBody: description: A json list of IDs of campaign filters to delete. required: true content: application/json: schema: type: array items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 - 2efb374d392c4d88a34sv7b11e8a4eq6 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates: post: operationId: createCampaignTemplate tags: - Certification Campaigns summary: Create a campaign template description: | Use this API to create a certification campaign template based on campaign. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CreateCampaignTemplateManager' Search: $ref: '#/components/examples/CreateCampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CreateCampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CreateCampaignTemplateRoleComposition' responses: '200': description: Created successfully. content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CampaignTemplateManager' Search: $ref: '#/components/examples/CampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CampaignTemplateRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: getCampaignTemplates tags: - Certification Campaigns summary: List campaign templates description: | Use this API to get a list of all campaign templates. Scope can be reduced through standard V3 query params. The API returns all campaign templates matching the query parameters. security: - userAuth: - idn:campaign-template:read - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name - in: query name: filters schema: type: string format: comma-separated description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *eq, ge, gt, in, le, lt, ne, sw* **id**: *eq, ge, gt, in, le, lt, ne, sw* example: name eq "manager template" responses: '200': description: List of campaign template objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/CampaignTemplate' example: - id: e7dbec99d49349c8951bd84f58a05120 name: Manager Review created: '2022-08-02T19:16:42.632Z' modified: null description: A review of everyone's access by their manager. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Manager Review description: Review everyone's access. deadline: null type: MANAGER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS - id: b7e6459eed5247ac8b98a5fed81fe27f name: Reporting Access Review created: '2022-07-28T19:19:40.035Z' modified: null description: A review of everyone's access to the reporting system. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: ACCESS description: Identities with reporting abilities reviewerId: null reviewer: null query: '@access(name: ("reporter"))' identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Search Campaign description: Review everyone's access to the reporting system. deadline: null type: SEARCH status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS - id: b9f41bc69e7a4291b9de0630396d030d name: Campaign With Admin Role created: '2022-08-02T13:40:36.857Z' modified: null description: Campaign With Admin Role deadlineDuration: null ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: null sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Campaign With Admin Role description: Campaign With Admin Role deadline: null type: ROLE_COMPOSITION status: null emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS - id: b9f41bc69e7a4291b9de0630396d030d name: AD Source Review created: '2022-08-02T13:40:36.857Z' modified: null description: A review of our AD source. deadlineDuration: P1M ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: sourceIds: - 2c918084707deba501709d45ce4e5569 searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: AD Source Review description: Review everyone's access. deadline: null type: SOURCE_OWNER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates/{id}: patch: operationId: patchCampaignTemplate tags: - Certification Campaigns summary: Update a campaign template description: | Use this API to update individual fields on a certification campaign template, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template being modified. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true description: | A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * deadlineDuration * campaign (all fields that are allowed during create) content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /description value: Updated description! - op: replace path: /campaign/filter/id value: ff80818155fe8c080155fe8d925b0316 responses: '200': description: This response indicates that the PATCH operation succeeded, and the API returns the template's new representation. content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CampaignTemplateManager' Search: $ref: '#/components/examples/CampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CampaignTemplateRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: getCampaignTemplate tags: - Certification Campaigns summary: Get a campaign template description: | Use this API to fetch a certification campaign template by ID. security: - userAuth: - idn:campaign-template:read - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: Requested campaign template's ID. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Data for the campaign matching the given ID. content: application/json: schema: $ref: '#/components/schemas/CampaignTemplate' examples: Manager: $ref: '#/components/examples/CampaignTemplateManager' Search: $ref: '#/components/examples/CampaignTemplateSearch' Source Owner: $ref: '#/components/examples/CampaignTemplateSourceOwner' RoleComposition: $ref: '#/components/examples/CampaignTemplateRoleComposition' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteCampaignTemplate tags: - Certification Campaigns summary: Delete a campaign template description: | Use this API to delete a certification campaign template by ID. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template being deleted. example: 2c9180835d191a86015d28455b4a2329 responses: '204': $ref: '#/components/responses/204' description: The campaign template was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates/{id}/schedule: get: operationId: getCampaignTemplateSchedule tags: - Certification Campaigns summary: Get campaign template schedule description: | Use this API to get the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. security: - userAuth: - idn:campaign-temlates:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template whose schedule is being fetched. example: 04bedce387bd47b2ae1f86eb0bb36dee responses: '200': description: Current schedule for the campaign template. See the [Set Campaign Template Schedule endpoint documentation](https://developer.sailpoint.com/docs/api/v3/set-campaign-template-schedule) for more examples. content: application/json: schema: $ref: '#/components/schemas/Schedule-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setCampaignTemplateSchedule tags: - Certification Campaigns summary: Set campaign template schedule description: | Use this API to set the schedule for a certification campaign template. If a schedule already exists, the API overwrites it with the new one. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template being scheduled. example: 04bedce387bd47b2ae1f86eb0bb36dee requestBody: content: application/json: schema: $ref: '#/components/schemas/Schedule-2' examples: Monthly: description: Runs on the 15th and last day of the month, at 5PM. value: type: MONTHLY hours: type: LIST values: - '17' days: type: LIST values: - '15' Once a year: description: Runs every January 1st at midnight. value: type: ANNUALLY hours: type: LIST values: - '0' days: type: LIST values: - '--01-01' Quarterly: description: Runs once a quarter (every 3 months) on the first of the month at 1AM. value: type: ANNUALLY hours: type: LIST values: - '1' days: type: LIST values: - '1' months: type: LIST values: - '1' interval: 3 Yearly on Specific Days: description: Runs on March 12 and December 5 at 1AM, every year. value: type: ANNUALLY hours: type: LIST values: - '1' days: type: LIST values: - '--03-12' - '--12-05' On a Specific Date: description: Runs at 1AM on February 18th, 2020 value: type: CALENDAR hours: type: LIST values: - '1' days: type: LIST values: - '2020-02-18' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteCampaignTemplateSchedule tags: - Certification Campaigns summary: Delete campaign template schedule description: | Use this API to delete the schedule for a certification campaign template. The API returns a 404 if there is no schedule set. security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template whose schedule is being deleted. example: 04bedce387bd47b2ae1f86eb0bb36dee responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /campaign-templates/{id}/generate: post: operationId: startGenerateCampaignTemplate tags: - Certification Campaigns summary: Generate a campaign from template security: - userAuth: - idn:campaign-template:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: | Use this API to generate a new certification campaign from a campaign template. The campaign object contained in the template has special formatting applied to its name and description fields that determine the generated campaign's name/description. Placeholders in those fields are formatted with the current date and time upon generation. Placeholders consist of a percent sign followed by a letter indicating what should be inserted. For example, "%Y" inserts the current year, and a campaign template named "Campaign for %y" generates a campaign called "Campaign for 2020" (assuming the year at generation time is 2020). Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html). parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getCampaignTemplates description: ID of the campaign template to use for generation. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: This response indicates that a campaign was successfully generated from this template, and the API returns a reference to the new campaign. content: application/json: schema: $ref: '#/components/schemas/CampaignReference' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications: get: operationId: listIdentityCertifications tags: - Certifications summary: List identity campaign certifications description: Use this API to get a list of identity campaign certifications for the specified query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to governance groups. parameters: - in: query name: reviewer-identity schema: type: string example: me description: Reviewer's identity. *me* indicates the current user. required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **campaign.id**: *eq, in* **phase**: *eq* **completed**: *eq* - in: query name: sorters required: false schema: type: string format: comma-separated example: name,due description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, due, signed** responses: '200': description: List of identity campaign certifications. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:campaign:read /certifications/{id}: get: operationId: getIdentityCertification tags: - Certifications summary: Identity certification by id security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a single identity campaign certification by its ID. Reviewers for this certification can also call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An identity campaign certification object content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/access-review-items: get: operationId: listIdentityAccessReviewItems tags: - Certifications summary: List of access review items security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a list of access review items for an identity campaign certification. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query required: false name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **type**: *eq* **access.type**: *eq* **completed**: *eq, ne* **identitySummary.id**: *eq, in* **identitySummary.name**: *eq, sw* **access.id**: *eq, in* **access.name**: *eq, sw* **entitlement.sourceName**: *eq, sw* **accessProfile.sourceName**: *eq, sw* example: id eq "ef38f94347e94562b5bb8424a56397d8" - in: query name: sorters required: false schema: type: string format: comma-separated example: access.name,-accessProfile.sourceName description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName** - in: query name: entitlements required: false schema: type: string example: identityEntitlement description: |- Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs. An error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time. - in: query name: access-profiles required: false schema: type: string example: accessProfile1 description: |- Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs. An error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time. - in: query name: roles required: false schema: type: string example: userRole description: |- Filter results to view access review items that pertain to any of the specified comma-separated role IDs. An error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time. responses: '200': description: A list of access review items content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessReviewItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/decide: post: operationId: makeIdentityDecision tags: - Certifications summary: Decide on a certification item security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: The API makes a decision to approve or revoke one or more identity campaign certification items. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The ID of the identity campaign certification on which to make decisions example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: A non-empty array of decisions to be made. content: application/json: schema: type: array items: $ref: '#/components/schemas/ReviewDecision' minItems: 1 maxItems: 250 example: - id: ef38f94347e94562b5bb8424a56396b5 decision: APPROVE bulk: true comments: This user still needs access to this source. - id: ef38f94347e94562b5bb8424a56397d8 decision: APPROVE bulk: true comments: This user still needs access to this source too. responses: '200': description: An identity campaign certification object content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/reassign: post: operationId: reassignIdentityCertifications tags: - Certifications summary: Reassign identities or items description: This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ReviewReassign' responses: '200': description: An identity campaign certification details after completing the reassignment. content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:campaign:manage /certifications/{id}/sign-off: post: operationId: signOffIdentityCertification tags: - Certifications summary: Finalize identity certification decisions security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An identity campaign certification object content: application/json: schema: $ref: '#/components/schemas/IdentityCertificationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/decision-summary: get: operationId: getIdentityDecisionSummary tags: - Certification Summaries summary: Summary of certification decisions security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. Reviewers for this certification can also call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: query name: filters required: false schema: type: string example: identitySummary.id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **identitySummary.id**: *eq, in* responses: '200': description: Summary of the decisions made content: application/json: schema: $ref: '#/components/schemas/IdentityCertDecisionSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/identity-summaries: get: operationId: getIdentitySummaries tags: - Certification Summaries summary: Identity summaries for campaign certification security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns a list of the identity summaries for a specific identity campaign certification. Reviewers for this certification can also call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **completed**: *eq, ne* **name**: *eq, sw* - in: query name: sorters required: false schema: type: string format: comma-separated example: name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** responses: '200': description: List of identity summaries content: application/json: schema: type: array items: $ref: '#/components/schemas/CertificationIdentitySummary' example: - id: 2c91808772a504f50172a9540e501ba7 name: Aaron Grey identityId: 2c9180857182306001719937379633e4 completed: false - id: 2c91808772a504f50172a9540e501ba8 name: Aglae Wilson identityId: 2c9180857182306001719937377a33de completed: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/access-summaries/{type}: get: operationId: getIdentityAccessSummaries tags: - Certification Summaries summary: Access summaries description: This API returns a list of access summaries for the specified identity campaign certification and type. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: path name: type schema: type: string enum: - ROLE - ACCESS_PROFILE - ENTITLEMENT required: true description: The type of access review item to retrieve summaries for example: ACCESS_PROFILE - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: access.id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **completed**: *eq, ne* **access.id**: *eq, in* **access.name**: *eq, sw* **entitlement.sourceName**: *eq, sw* **accessProfile.sourceName**: *eq, sw* - in: query name: sorters required: false schema: type: string format: comma-separated example: access.name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **access.name** responses: '200': description: List of access summaries content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessSummary' example: - access: type: ENTITLEMENT id: 2c9180857182305e01719937429e2bad name: CN=Engineering entitlement: id: 2c9180857182305e01719937429e2bad name: CN=Engineering description: Access to the engineering database privileged: false owner: email: brandon.gray@acme-solar.com type: IDENTITY id: 2c9180867160846801719932c5153fb7 name: Brandon Gray attributeName: memberOf attributeValue: CN=Engineering sourceName: ODS-AD-Source hasPermissions: true revocable: true containsDataAccess: true dataAccess: policies: - value: GDPR-1 - value: GDPR-2 categories: - value: email-7 matchCount: 74 - value: email-9 matchCount: 30 impactScore: value: Medium '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/identity-summaries/{identitySummaryId}: get: operationId: getIdentitySummary tags: - Certification Summaries summary: Summary for identity security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN description: This API returns the summary for an identity on a specified identity campaign certification. Reviewers for this certification can also call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: path name: identitySummaryId schema: type: string required: true x-sailpoint-resource-operation-id: getIdentitySummaries description: The identity summary ID example: 2c91808772a504f50172a9540e501ba8 responses: '200': description: An identity summary content: application/json: schema: $ref: '#/components/schemas/CertificationIdentitySummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{certificationId}/access-review-items/{itemId}/permissions: get: operationId: getIdentityCertificationItemPermissions tags: - Certifications summary: Permissions for entitlement certification item description: This API returns the permissions associated with an entitlement certification item based on the certification item's ID. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **target**: *eq, sw* **rights**: *ca* Supported composite operators: *and, or* All field values (second filter operands) are case-insensitive for this API. Only a single *and* or *or* composite filter operator may be used. It must also be used between a target filter and a rights filter, not between 2 filters for the same field. For example, the following is valid: `?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22` The following is invalid: 1?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)1 example: target eq "SYS.OBJAUTH2" - in: path name: certificationId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification ID example: ef38f94347e94562b5bb8424a56397d8 - in: path name: itemId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityAccessReviewItems description: The certification item ID example: 2c91808671bcbab40171bd945d961227 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: A list of permissions associated with the given itemId content: application/json: schema: type: array items: $ref: '#/components/schemas/PermissionDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/reviewers: get: operationId: listCertificationReviewers tags: - Certifications summary: List of reviewers for certification description: This API returns a list of reviewers for the certification. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The certification ID example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **email**: *eq, sw* example: name eq "Bob" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, email** example: name responses: '200': description: A list of reviewers content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certifications/{id}/reassign-async: post: operationId: submitReassignCertsAsync tags: - Certifications summary: Reassign certifications asynchronously description: | This API initiates a task to reassign up to 500 identities or items in an identity campaign certification to another reviewer. The `certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is complete. Reviewers for this certification can also call this API. security: - userAuth: - idn:campaign:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentityCertifications description: The identity campaign certification ID example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ReviewReassign' responses: '200': description: A certification task object for the reassignment which can be queried for status. content: application/json: schema: $ref: '#/components/schemas/CertificationTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certification-tasks/{id}: get: operationId: getCertificationTask tags: - Certifications summary: Certification task by id description: This API returns the certification task for the specified ID. Reviewers for the specified certification can also call this API. security: - userAuth: - idn:campaign:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPendingCertificationTasks description: The task ID example: 63b32151-26c0-42f4-9299-8898dc1c9daa responses: '200': description: A certification task content: application/json: schema: $ref: '#/components/schemas/CertificationTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /certification-tasks: get: operationId: getPendingCertificationTasks tags: - Certifications summary: List of pending certification tasks description: This API returns a list of pending (`QUEUED` or `IN_PROGRESS`) certification tasks. Any authenticated token can call this API, but only certification tasks you are authorized to review will be returned. security: - userAuth: - idn:campaign:read parameters: - in: query name: reviewer-identity schema: type: string example: Ada.1de82e55078344 description: The ID of reviewer identity. *me* indicates the current user. required: false - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string example: type eq "ADMIN_REASSIGN" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **targetId**: *eq, in* **type**: *eq, in* responses: '200': description: A list of pending certification tasks content: application/json: schema: type: array items: $ref: '#/components/schemas/CertificationTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /connector-customizers: get: tags: - Connector Customizers operationId: listConnectorCustomizers summary: List all connector customizers description: List all connector customizers. parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' responses: '200': description: List all connector customizers. content: application/json: schema: type: array items: $ref: '#/components/schemas/ConnectorCustomizersResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:connector:read x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Connector Customizers operationId: createConnectorCustomizer summary: Create connector customizer description: Create a connector customizer. requestBody: required: true description: Connector customizer to create. content: application/json: schema: $ref: '#/components/schemas/ConnectorCustomizerCreateRequest' responses: '201': description: Created connector customizer. content: application/json: schema: $ref: '#/components/schemas/ConnectorCustomizerCreateResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:connector:manage x-sailpoint-userLevels: - ORG_ADMIN /connector-customizers/{id}: get: tags: - Connector Customizers summary: Get connector customizer operationId: getConnectorCustomizer description: Gets connector customizer by ID. parameters: - name: id in: path description: ID of the connector customizer to get. required: true schema: type: string example: b07dc46a-1498-4de8-bfbb-259a68e70c8a x-sailpoint-resource-operation-id: listConnectorCustomizers responses: '200': description: Connector customizer with the given ID. content: application/json: schema: $ref: '#/components/schemas/ConnectorCustomizersResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:connector:read x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Connector Customizers summary: Update connector customizer description: 'Update an existing connector customizer with the one provided in the request body. These fields are immutable: `id`, `name`, `type`.' operationId: putConnectorCustomizer parameters: - name: id in: path description: ID of the connector customizer to update. required: true schema: type: string example: b07dc46a-1498-4de8-bfbb-259a68e70c8a x-sailpoint-resource-operation-id: listConnectorCustomizers requestBody: description: Connector rule with updated data. content: application/json: schema: $ref: '#/components/schemas/ConnectorCustomizerUpdateRequest' responses: '200': description: Updated connector customizer. content: application/json: schema: $ref: '#/components/schemas/ConnectorCustomizerUpdateResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:connector:manage x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - Connector Customizers summary: Delete connector customizer description: Delete the connector customizer for the given ID. operationId: deleteConnectorCustomizer parameters: - name: id in: path description: ID of the connector customizer to delete. required: true schema: type: string example: b07dc46a-1498-4de8-bfbb-259a68e70c8a x-sailpoint-resource-operation-id: listConnectorCustomizers responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:connector:manage x-sailpoint-userLevels: - ORG_ADMIN /connector-customizers/{id}/versions: post: operationId: createConnectorCustomizerVersion security: - userAuth: - sp:connector:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Connector Customizers summary: Creates a connector customizer version description: Creates a new version for the customizer. parameters: - in: path name: id schema: type: string required: true description: The id of the connector customizer. example: b07dc46a-1498-4de8-bfbb-259a68e70c8a x-sailpoint-resource-operation-id: listConnectorCustomizers responses: '200': description: The created connector customizer version object. content: application/json: schema: $ref: '#/components/schemas/ConnectorCustomizerVersionCreateResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}: get: operationId: getObjectMappings security: - userAuth: - sp:config-object-mapping:read - sp:config-object-mapping:manage tags: - Configuration Hub summary: Gets list of object mappings description: |- This gets a list of existing object mappings between current org and source org. Source org should be "default" when getting object mappings that are not associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:read parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org responses: '200': description: List of existing object mappings between current org and source org. content: application/json: schema: type: array items: $ref: '#/components/schemas/ObjectMappingResponse' example: - objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 objectType: GOVERNANCE_GROUP jsonPath: $.description sourceValue: Sample Governance Group targetValue: Sample Governance Group - Updated enabled: true created: '2024-03-19T23:18:53.732Z' modified: '2024-03-19T23:18:53.732Z' - objectMappingId: e1d5cb80-65e2-4f92-ae2e-9588f61cc4cd objectType: IDENTITY jsonPath: $.name sourceValue: SailPoint Support targetValue: john.doe enabled: false created: '2024-03-19T23:18:06.238Z' modified: '2024-03-19T23:18:06.238Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createObjectMapping security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Creates an object mapping description: |- This creates an object mapping between current org and source org. Source org should be "default" when creating an object mapping that is not to be associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org requestBody: description: The object mapping request body. required: true content: application/json: schema: $ref: '#/components/schemas/ObjectMappingRequest' example: objectType: GOVERNANCE_GROUP jsonPath: $.description sourceValue: Sample Governance Group targetValue: Sample Governance Group - Updated enabled: true responses: '200': description: The created object mapping between current org and source org. content: application/json: schema: $ref: '#/components/schemas/ObjectMappingResponse' example: objectMappingId: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 objectType: GOVERNANCE_GROUP jsonPath: $.description sourceValue: Sample Governance Group targetValue: Sample Governance Group - Updated enabled: true created: '2024-03-19T23:18:53.732Z' modified: '2024-03-19T23:18:53.732Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}/{objectMappingId}: delete: operationId: deleteObjectMapping security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Deletes an object mapping description: |- This deletes an existing object mapping. Source org should be "default" when deleting an object mapping that is not associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org - in: path name: objectMappingId schema: type: string required: true description: The id of the object mapping to be deleted. example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}/bulk-create: post: operationId: createObjectMappings security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Bulk creates object mappings description: |- This creates a set of object mappings (Max 25) between current org and source org. Source org should be "default" when creating object mappings that are not to be associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org requestBody: description: The bulk create object mapping request body. required: true content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkCreateRequest' example: newObjectsMappings: - objectType: SOURCE jsonPath: $.name sourceValue: Original SOURCE Name targetValue: New SOURCE Name enabled: true - objectType: IDENTITY jsonPath: $.name sourceValue: Original IDENTITY Name targetValue: 'New IDENTITY Name ' enabled: true responses: '200': description: The created object mapping between current org and source org. content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkCreateResponse' example: addedObjects: - objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d objectType: SOURCE jsonPath: $.name sourceValue: Original SOURCE Name targetValue: New SOURCE Name enabled: true created: '2024-03-25T15:50:41.314Z' modified: '2024-03-25T15:50:41.299Z' - objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971 objectType: IDENTITY jsonPath: $.name sourceValue: Original IDENTITY Name targetValue: 'New IDENTITY Name ' enabled: true created: '2024-03-25T15:50:41.316Z' modified: '2024-03-25T15:50:41.316Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/object-mappings/{sourceOrg}/bulk-patch: post: operationId: updateObjectMappings security: - userAuth: - sp:config-object-mapping:manage tags: - Configuration Hub summary: Bulk updates object mappings description: |- This updates a set of object mappings, only enabled and targetValue fields can be updated. Source org should be "default" when updating object mappings that are not associated to any particular org. The request will need the following security scope: - sp:config-object-mapping:manage parameters: - in: path name: sourceOrg schema: type: string required: true description: The name of the source org. example: source-org requestBody: description: The object mapping request body. required: true content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkPatchRequest' example: patches: 603b1a61-d03d-4ed1-864f-a508fbd1995d: - op: replace path: /enabled value: true 00bece34-f50d-4227-8878-76f620b5a971: - op: replace path: /targetValue value: New Target Value responses: '200': description: The updated object mappings. content: application/json: schema: $ref: '#/components/schemas/ObjectMappingBulkPatchResponse' example: patchedObjects: - objectMappingId: 603b1a61-d03d-4ed1-864f-a508fbd1995d objectType: SOURCE jsonPath: $.name sourceValue: Original SOURCE Name targetValue: New SOURCE Name enabled: true created: '2024-03-25T15:50:41.314Z' modified: '2024-03-25T15:50:41.299Z' - objectMappingId: 00bece34-f50d-4227-8878-76f620b5a971 objectType: IDENTITY jsonPath: $.name sourceValue: Original IDENTITY Name targetValue: 'New IDENTITY Name ' enabled: true created: '2024-03-25T15:50:41.316Z' modified: '2024-03-25T15:50:41.316Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/scheduled-actions: get: operationId: listScheduledActions security: - userAuth: - sp:config-scheduled-action:read - sp:config-scheduled-action:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Configuration Hub summary: List scheduled actions description: This API gets a list of existing scheduled actions for the current tenant. responses: '200': description: List of existing scheduled actions. content: application/json: schema: type: array items: $ref: '#/components/schemas/ScheduledActionResponse' example: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde created: '2024-08-16T14:16:58.389Z' jobType: BACKUP content: name: Backup Name backupOptions: includeTypes: - SOURCE - IDENTITY objectOptions: [] startTime: '2024-08-16T14:16:58.389Z' cronString: 0 0 * * * * '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createScheduledAction security: - userAuth: - sp:config-scheduled-action:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Configuration Hub summary: Create scheduled action description: This API creates a new scheduled action for the current tenant. requestBody: description: The scheduled action creation request body. required: true content: application/json: schema: $ref: '#/components/schemas/ScheduledActionPayload' example: jobType: BACKUP startTime: '2024-08-16T14:16:58.389Z' cronString: 0 0 12 * * * * timeZoneId: America/Chicago content: name: Daily Backup backupOptions: includeTypes: - SOURCE - IDENTITY objectOptions: SOURCE: includedNames: - Source1 - Source2 responses: '200': description: The created scheduled action. content: application/json: schema: $ref: '#/components/schemas/ScheduledActionResponse' example: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde created: '2024-08-16T14:16:58.389Z' jobType: BACKUP content: name: Daily Backup backupOptions: includeTypes: - SOURCE - IDENTITY objectOptions: SOURCE: includedNames: - Source1 - Source2 startTime: '2024-08-16T14:16:58.389Z' cronString: 0 0 12 * * * * '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/scheduled-actions/{id}: patch: operationId: updateScheduledAction security: - userAuth: - sp:config-scheduled-action:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Configuration Hub summary: Update scheduled action description: This API updates an existing scheduled action using JSON Patch format. parameters: - in: path name: scheduledActionId schema: type: string required: true description: The ID of the scheduled action. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde x-sailpoint-resource-operation-id: listScheduledActions requestBody: description: The JSON Patch document containing the changes to apply to the scheduled action. required: true content: application/json-patch+json: schema: $ref: '#/components/schemas/JsonPatch' example: - op: replace path: /content/name value: Updated Backup Name - op: replace path: /cronString value: 0 0 9 * * ? responses: '200': description: The updated scheduled action. content: application/json: schema: $ref: '#/components/schemas/ScheduledActionResponse' example: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde created: '2024-08-16T14:16:58.389Z' jobType: BACKUP content: name: Updated Backup Name backupOptions: includeTypes: - SOURCE - IDENTITY objectOptions: SOURCE: includedNames: - Source1 - Source2 startTime: '2024-08-16T14:16:58.389Z' cronString: 0 0 9 * * ? '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteScheduledAction security: - userAuth: - sp:config-scheduled-action:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Configuration Hub summary: Delete scheduled action description: This API deletes an existing scheduled action. parameters: - in: path name: scheduledActionId schema: type: string required: true description: The ID of the scheduled action. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde x-sailpoint-resource-operation-id: listScheduledActions responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/backups/uploads: get: operationId: listUploadedConfigurations security: - userAuth: - sp:config-backup:read - sp:config-backup:manage tags: - Configuration Hub summary: List uploaded configurations description: This API gets a list of existing uploaded configurations for the current tenant. parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **status**: *eq* example: status eq "COMPLETE" required: false responses: '200': description: List of existing uploaded configurations. content: application/json: schema: type: array items: $ref: '#/components/schemas/BackupResponse' example: - jobId: 281d421c-0643-4004-9fe5-29a95d2f73df status: COMPLETE type: BACKUP tenant: someTenant requesterName: support fileExists: true created: '2024-03-07T21:11:00.375Z' modified: '2024-03-07T21:11:25.046Z' completed: '2024-03-07T21:11:00.66Z' name: test1 userCanDelete: false isPartial: false backupType: UPLOADED hydrationStatus: HYDRATED totalObjectCount: 64 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createUploadedConfiguration security: - userAuth: - sp:config-backup:manage tags: - Configuration Hub summary: Upload a configuration description: |- This API uploads a JSON configuration file into a tenant. Configuration files can be managed and deployed via Configuration Hub by uploading a json file which contains configuration data. The JSON file should be the same as the one used by our import endpoints. The object types supported by upload configuration file functionality are the same as the ones supported by our regular backup functionality. Refer to [SaaS Configuration](https://developer.sailpoint.com/docs/extensibility/configuration-management/saas-configuration#supported-objects) for more information about supported objects. requestBody: description: | The body will consist of "data" which should contain the json file and name wish should be the name you want to assign to the uploaded file" __Example__ data: "uploaded.json", name: "A_NEW_UPLOADED_BACKUP" __Sample Upload File__ { "version": 1, "tenant": "a-sample-tenant", "objects": [ { "version": 1, "self": { "id": "0a59c7196d2917f8aa6d29686e6600fb", "type": "SOURCE", "name": "Extended Form" }, "object": { "id": "0a59c7196d2917f8aa6d29686e6600fb", "name": "Extended Form", "type": "DelimitedFile", "connectorClass": "sailpoint.connector.DelimitedFileConnector", "connectorScriptName": "delimited-file-angularsc", "description": "Migrated app - Extended Form (original ID: 0a59c7196d2917f8aa6d29686e6600fb)", "deleteThreshold": 10, "provisionAsCsv": false, "owner": { "type": "IDENTITY", "id": "0a59c7196d2917f8816d29685fed00c3", "name": "slpt.services" }, "connectorAttributes": { "beforemoveAccount": "Do Nothing", "beforemoverAccount": "Do Nothing", "busApp": "false", "file": "Empty", "filetransport": "local", "filterEmptyRecords": "true", "group.filetransport": "local", "group.filterEmptyRecords": "true", "group.partitionMode": "auto", "hasHeader": "true", "indexColumn": "ID", "isCaseInsensitiveMerge": "false", "isSortedByIndexColumn": "false", "loaProcess": "Do Nothing", "ltdProcess": "Do Nothing", "mergeRows": "false", "moverProcess": "Do Nothing", "moverRevocation": "Do Nothing", "nativeChangeDetectionAttributeScope": "entitlements", "nativeChangeDetectionEnabled": "false", "nativeChangeProcess": "Do Nothing", "parseType": "delimited", "partitionMode": "auto", "policyType": "Do Nothing", "rehireProcess": "Do Nothing", "reverseleaverProcess": "Do Nothing", "rtwloaProcess": "Do Nothing", "rtwltdProcess": "Do Nothing", "stopIfLineHasWrongColumnLength": "false", "templateApplication": "DelimitedFile Template", "terminationProcess": "Do Nothing" }, "schemas": [], "provisioningPolicies": [], "features": [ "DIRECT_PERMISSIONS", "NO_RANDOM_ACCESS", "DISCOVER_SCHEMA" ] } } ] } required: true content: multipart/form-data: schema: type: object properties: data: type: string format: binary description: JSON file containing the objects to be imported. name: type: string description: Name that will be assigned to the uploaded configuration file. required: - data - name responses: '202': description: Upload job accepted and queued for processing. content: application/json: schema: $ref: '#/components/schemas/BackupResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/backups/uploads/{id}: get: operationId: getUploadedConfiguration security: - userAuth: - sp:config-backup:read - sp:config-backup:manage tags: - Configuration Hub summary: Get an uploaded configuration description: This API gets an existing uploaded configuration for the current tenant. parameters: - in: path name: id schema: type: string required: true description: The id of the uploaded configuration. example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b responses: '200': description: Gets an uploaded configuration details. content: application/json: schema: $ref: '#/components/schemas/BackupResponse' example: jobId: 2ea830f3-2b14-4772-8a20-3d006742e419 status: COMPLETE type: BACKUP tenant: someTenant requesterName: support fileExists: true created: '2024-02-20T22:08:31.064Z' modified: '2024-02-20T22:13:15.662Z' completed: '2024-02-20T22:08:31.689Z' name: something new userCanDelete: false isPartial: false backupType: UPLOADED hydrationStatus: HYDRATED totalObjectCount: 2 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteUploadedConfiguration security: - userAuth: - sp:config-backup:manage tags: - Configuration Hub summary: Delete an uploaded configuration description: |- This API deletes an uploaded configuration based on Id. On success, this endpoint will return an empty response. The uploaded configuration id can be obtained from the response after a successful upload, or the list uploaded configurations endpoint. parameters: - in: path name: id schema: type: string required: true description: The id of the uploaded configuration. example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/backups: get: operationId: listBackups security: - userAuth: - sp:config-backup:read - sp:config-backup:manage tags: - Configuration Hub summary: List backups description: This API gets a list of existing backups for the current tenant. parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **status**: *eq* example: status eq "COMPLETE" required: false responses: '200': description: List of existing backups. content: application/json: schema: type: array items: $ref: '#/components/schemas/BackupResponse' example: - jobId: 09491993-9cb6-49a7-8d37-8bef54d33502 status: COMPLETE type: BACKUP tenant: tenant-name requesterName: Requester Name fileExists: true created: '2024-02-19T19:54:15.373Z' modified: '2024-02-19T20:39:00.341Z' completed: '2024-02-19T19:54:15.605Z' name: Backup name userCanDelete: false isPartial: true backupType: MANUAL options: includeTypes: - SOURCE objectOptions: SOURCE: includedNames: - Source Name hydrationStatus: HYDRATED totalObjectCount: 2 cloudStorageStatus: SYNCED '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/backups/{id}: delete: operationId: deleteBackup security: - userAuth: - sp:config-backup:manage tags: - Configuration Hub summary: Delete a backup description: |- This API deletes an existing backup for the current tenant. On success, this endpoint will return an empty response. The backup id can be obtained from the response after a backup was successfully created, or from the list backups endpoint. parameters: - in: path name: id schema: type: string required: true description: The id of the backup to delete. example: 07659d7d-2cce-47c0-9e49-185787ee565a responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/drafts: get: operationId: listDrafts security: - userAuth: - sp:config-draft:read - sp:config-draft:manage tags: - Configuration Hub summary: List drafts description: This API gets a list of existing drafts for the current tenant. parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **status**: *eq* **approvalStatus**: *eq* example: status eq "COMPLETE" required: false responses: '200': description: List of existing drafts. content: application/json: schema: type: array items: $ref: '#/components/schemas/DraftResponse' example: - jobId: 07659d7d-2cce-47c0-9e49-185787ee565a status: COMPLETE type: CREATE_DRAFT message: Draft creation message requesterName: Requester Name fileExists: true created: '2024-08-16T14:16:58.389Z' completed: '2024-08-16T14:17:12.355Z' name: Draft Name sourceTenant: source-tenant sourceBackupId: 9393e1f5-bed6-4fa8-80fb-6f86b19bd3d6 sourceBackupName: Source Backup Name mode: RESTORE approvalStatus: DEFAULT approvalComment: - comment: Approval comment timestamp: '2024-08-26T19:32:46.384137Z' user: User name id: User id changedToStatus: PENDING_FOR_APPROVAL '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/drafts/{id}: delete: operationId: deleteDraft security: - userAuth: - sp:config-draft:manage tags: - Configuration Hub summary: Delete a draft description: |- This API deletes an existing draft for the current tenant. On success, this endpoint will return an empty response. The draft id can be obtained from the response after a draft was successfully created, or from the list drafts endpoint. parameters: - in: path name: id schema: type: string required: true description: The id of the draft to delete. example: 07659d7d-2cce-47c0-9e49-185787ee565a responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/deploys: get: operationId: listDeploys security: - userAuth: - sp:config-deploy:read - sp:config-deploy:manage tags: - Configuration Hub summary: List deploys description: This API gets a list of deploys for the current tenant. responses: '200': description: List of existing deploys. content: application/json: schema: type: object properties: items: type: array description: list of deployments items: $ref: '#/components/schemas/DeployResponse' example: items: - jobId: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b status: COMPLETE type: CONFIG_DEPLOY_DRAFT message: Deploy outcome message requesterName: requester.name fileExists: true created: '2023-08-29T01:54:37.069Z' modified: '2024-07-15T16:53:45.925Z' completed: '2023-08-29T01:54:41.924Z' draftId: 925e34e3-fa7c-4e7a-9b9a-cf3b8b4b1068 draftName: Source draft name cloudStorageStatus: SYNCED - jobId: bdbcaae6-5e2a-4ebd-9eb3-37b09ec7eea4 status: FAILED type: CONFIG_DEPLOY_DRAFT message: Deploy outcome message requesterName: requester.name fileExists: true created: '2023-07-20T18:38:00.812Z' modified: '2024-07-15T16:53:59.778Z' completed: '2023-07-20T18:38:01.783Z' draftId: e04da89d-941f-41e8-83ab-dd185ef5e646 draftName: Source draft name cloudStorageStatus: NOT_SYNCED '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createDeploy security: - userAuth: - sp:config-deploy:manage tags: - Configuration Hub summary: Create a deploy description: This API performs a deploy based on an existing daft. requestBody: description: The deploy request body. required: true content: application/json: schema: $ref: '#/components/schemas/DeployRequest' example: draftId: c9a38d8c-5edf-4182-9d39-f6581d3ebd05 responses: '202': description: Deploy job accepted and queued for processing. content: application/json: schema: $ref: '#/components/schemas/DeployResponse' example: jobId: ce928190-b50a-4e9a-9854-b56959be8bb1 status: NOT_STARTED type: CONFIG_DEPLOY_DRAFT requesterName: support fileExists: false created: '2024-09-19T19:28:58.503Z' modified: '2024-09-19T19:28:58.509Z' draftId: ebee8250-841f-41de-b74f-288b81137d12 draftName: Draft for 46207915-854f-4894-8723-782fdcc677d6 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /configuration-hub/deploys/{id}: get: operationId: getDeploy security: - userAuth: - sp:config-deploy:read - sp:config-deploy:manage tags: - Configuration Hub summary: Get a deploy description: This API gets an existing deploy for the current tenant. parameters: - in: path name: id schema: type: string required: true description: The id of the deploy. example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b responses: '200': description: Gets the details of a deploy. content: application/json: schema: $ref: '#/components/schemas/DeployResponse' example: jobId: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b status: COMPLETE type: CONFIG_DEPLOY_DRAFT message: Deploy outcome message requesterName: requester.name fileExists: true created: '2023-08-29T01:54:37.069Z' modified: '2024-07-15T16:53:45.925Z' completed: '2023-08-29T01:54:41.924Z' draftId: 925e34e3-fa7c-4e7a-9b9a-cf3b8b4b1068 draftName: Source draft name cloudStorageStatus: SYNCED '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /connectors/{scriptName}: get: tags: - Connectors operationId: getConnector summary: Get connector by script name description: 'Fetches a connector that using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName - in: query name: locale required: false schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" responses: '200': description: A Connector Dto object content: application/json: schema: $ref: '#/components/schemas/ConnectorDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN delete: tags: - Connectors operationId: deleteCustomConnector summary: Delete connector by script name description: Delete a custom connector that using its script name. parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName responses: '204': $ref: '#/components/responses/204' description: The custom connector was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN patch: tags: - Connectors operationId: updateConnector summary: Update connector by script name description: | This API updates a custom connector by script name using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: * connectorMetadata * applicationXml * correlationConfigXml * sourceConfigXml parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName requestBody: required: true description: | A list of connector detail update operations content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' responses: '200': description: A updated Connector Dto object content: application/json: schema: $ref: '#/components/schemas/ConnectorDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors: get: tags: - Connectors operationId: getConnectorList summary: Get connector list description: Fetches list of connectors that have 'RELEASED' status using filtering and pagination. parameters: - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw, co* **type**: *sw, co, eq* **directConnect**: *eq* **category**: *eq* **features**: *ca* **labels**: *ca* example: directConnect eq "true" - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: locale required: false schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" responses: '200': description: A Connector Dto object content: application/json: schema: type: array items: $ref: '#/components/schemas/V3ConnectorDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN post: tags: - Connectors operationId: createCustomConnector summary: Create custom connector description: 'Create custom connector. ' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/V3CreateConnectorDto' responses: '200': description: A Connector Dto object content: application/json: schema: $ref: '#/components/schemas/V3ConnectorDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors/{scriptName}/source-config: get: tags: - Connectors operationId: getConnectorSourceConfig summary: Get connector source configuration description: 'Fetches a connector''s source config using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName responses: '200': description: The connector's source template content: application/xml: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN put: tags: - Connectors operationId: putConnectorSourceConfig summary: Update connector source configuration description: 'Update a connector''s source config using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName requestBody: required: true content: multipart/form-data: schema: type: object required: - file properties: file: type: string description: connector source config xml file format: binary responses: '200': description: The connector's update detail content: application/json: schema: $ref: '#/components/schemas/UpdateDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors/{scriptName}/translations/{locale}: get: tags: - Connectors operationId: getConnectorTranslations summary: Get connector translations description: 'Fetches a connector''s translations using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName - name: locale in: path required: true schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" responses: '200': description: The connector's translations content: text/plain: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN put: tags: - Connectors operationId: putConnectorTranslations summary: Update connector translations description: 'Update a connector''s translations using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName - name: locale in: path required: true schema: type: string enum: - de - 'no' - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl example: de description: The locale to apply to the config. If no viable locale is given, it will default to "en" requestBody: required: true content: multipart/form-data: schema: type: object responses: '200': description: The connector's update detail content: application/json: schema: $ref: '#/components/schemas/UpdateDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors/{scriptName}/source-template: get: tags: - Connectors operationId: getConnectorSourceTemplate summary: Get connector source template description: 'Fetches a connector''s source template using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName responses: '200': description: The connector's source template content: application/xml: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN put: tags: - Connectors operationId: putConnectorSourceTemplate summary: Update connector source template description: 'Update a connector''s source template using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. ScriptName is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName requestBody: required: true content: multipart/form-data: schema: type: object required: - file properties: file: type: string description: connector source template xml file format: binary responses: '200': description: The connector's update detail content: application/json: schema: $ref: '#/components/schemas/UpdateDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connectors/{scriptName}/correlation-config: get: tags: - Connectors operationId: getConnectorCorrelationConfig summary: Get connector correlation configuration description: 'Fetches a connector''s correlation config using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName responses: '200': description: The connector's correlation config content: application/xml: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN put: tags: - Connectors operationId: putConnectorCorrelationConfig summary: Update connector correlation configuration description: 'Update a connector''s correlation config using its script name. ' parameters: - name: scriptName in: path description: The scriptName value of the connector. Scriptname is the unique id generated at connector creation. required: true x-sailpoint-resource-operation-id: getConnectorList style: simple explode: false schema: type: string example: aScriptName requestBody: required: true content: multipart/form-data: schema: type: object required: - file properties: file: type: string description: connector correlation config xml file format: binary responses: '200': description: The connector's update detail content: application/json: schema: $ref: '#/components/schemas/UpdateDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /connector-rules: get: tags: - Connector Rule Management operationId: getConnectorRuleList summary: List connector rules description: List existing connector rules. responses: '200': description: List of connector rules. content: application/json: schema: type: array items: $ref: '#/components/schemas/ConnectorRuleResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:rule-management-connector:read - idn:rule-management-connector:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' post: tags: - Connector Rule Management operationId: createConnectorRule summary: Create connector rule description: Create a connector rule from the available types. requestBody: required: true description: Connector rule to create. content: application/json: schema: $ref: '#/components/schemas/ConnectorRuleCreateRequest' responses: '201': description: Created connector rule. content: application/json: schema: $ref: '#/components/schemas/ConnectorRuleResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:rule-management-connector:manage x-sailpoint-userLevels: - ORG_ADMIN /connector-rules/{id}: get: tags: - Connector Rule Management summary: Get connector rule operationId: getConnectorRule description: Get a connector rule by ID. parameters: - name: id in: path description: ID of the connector rule to get. required: true x-sailpoint-resource-operation-id: getConnectorRuleList style: simple explode: false schema: type: string example: 8c190e6787aa4ed9a90bd9d5344523fb responses: '200': description: Connector rule with the given ID. content: application/json: schema: $ref: '#/components/schemas/ConnectorRuleResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:rule-management-connector:read - idn:rule-management-connector:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Connector Rule Management summary: Update connector rule description: 'Update an existing connector rule with the one provided in the request body. These fields are immutable: `id`, `name`, `type`' operationId: putConnectorRule parameters: - name: id in: path description: ID of the connector rule to update. required: true x-sailpoint-resource-operation-id: getConnectorRuleList style: simple explode: false schema: type: string example: 8c190e6787aa4ed9a90bd9d5344523fb requestBody: description: Connector rule with updated data. content: application/json: schema: $ref: '#/components/schemas/ConnectorRuleUpdateRequest' responses: '200': description: Updated connector rule. content: application/json: schema: $ref: '#/components/schemas/ConnectorRuleResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:rule-management-connector:manage x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - Connector Rule Management summary: Delete connector rule description: Delete the connector rule for the given ID. operationId: deleteConnectorRule parameters: - name: id in: path description: ID of the connector rule to delete. required: true x-sailpoint-resource-operation-id: getConnectorRuleList style: simple explode: false schema: type: string example: 8c190e6787aa4ed9a90bd9d5344523fb responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:rule-management-connector:manage x-sailpoint-userLevels: - ORG_ADMIN /connector-rules/validate: post: tags: - Connector Rule Management operationId: testConnectorRule summary: Validate connector rule description: Detect issues within the connector rule's code to fix and list them. requestBody: required: true description: Code to validate. content: application/json: schema: $ref: '#/components/schemas/SourceCode' responses: '200': description: Status of the code's eligibility as a connector rule. content: application/json: schema: $ref: '#/components/schemas/ConnectorRuleValidationResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:rule-management-connector:read - idn:rule-management-connector:manage x-sailpoint-userLevels: - ORG_ADMIN /data-segments/membership/{identityId}: get: operationId: getDataSegmentIdentityMembership security: - userAuth: - idn:data-segment:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Get segmentmembership by identity id description: This API returns the segment membership specified by the given identity ID. parameters: - in: path name: identityId schema: type: string required: true description: The identity ID to retrieve the segments they are in. example: ef38f943-47e9-4562-b5bb-8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Segment Memberships for specified identity content: application/json: schema: items: $ref: '#/components/schemas/SegmentMembership' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /data-segments/user-enabled/{identityId}: get: operationId: getDataSegmentationEnabledForUser security: - userAuth: - idn:data-segment:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Is segmentation enabled by identity description: This API returns whether or not segmentation is enabled for the identity. parameters: - in: path name: identityId schema: type: string required: true description: The identity ID to retrieve if segmentation is enabled for the identity. example: ef38f943-47e9-4562-b5bb-8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Returns if segmentation is enabled for a specified User content: application/json: schema: type: boolean '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /data-segments/{segmentId}: get: operationId: getDataSegment security: - userAuth: - idn:data-segment:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Get segment by id description: This API returns the segment specified by the given ID. parameters: - in: path name: id schema: type: string required: true description: The segment ID to retrieve. example: ef38f943-47e9-4562-b5bb-8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Segment content: application/json: schema: $ref: '#/components/schemas/Data-Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: publishDataSegment security: - userAuth: - idn:data-segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Publish segment by id description: This will publish the segment so that it starts applying the segmentation to the desired users if enabled parameters: - in: query name: publishAll schema: type: boolean default: true required: false description: This flag decides whether you want to publish all unpublished or a list of specific segment ids example: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true description: A list of segment ids that you wish to publish content: application/json: schema: type: array items: type: string responses: '200': description: Segments published '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchDataSegment security: - userAuth: - idn:data-segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Update segment description: Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. parameters: - in: path name: id schema: type: string required: true description: The segment ID to modify. example: ef38f943-47e9-4562-b5bb-8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true description: | A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * membership * memberFilter * memberSelection * scopes * enabled content: application/json-patch+json: schema: type: array items: type: object examples: Set Visibility Criteria: description: Set the member filter value: - op: replace path: /memberFilter value: expression: operator: AND children: - operator: EQUALS attribute: location value: type: STRING value: Philadelphia - operator: EQUALS attribute: department value: type: STRING value: HR responses: '200': description: Indicates the PATCH operation succeeded, and returns the segment's new representation. content: application/json: schema: $ref: '#/components/schemas/Data-Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteDataSegment security: - userAuth: - idn:data-segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Delete segment by id description: This API deletes the segment specified by the given ID. parameters: - in: path name: id schema: type: string required: true description: The segment ID to delete. example: ef38f943-47e9-4562-b5bb-8424a56397d8 - in: query name: published schema: type: boolean default: false required: false description: This determines which version of the segment to delete example: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /data-segments: get: operationId: listDataSegments security: - userAuth: - idn:data-segment:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Get segments description: This API returns the segment specified by the given ID. parameters: - in: query name: enabled required: false description: This boolean indicates whether the segment is currently active. Inactive segments have no effect. schema: type: boolean default: true example: true - in: query name: unique required: false description: This returns only one record if set to true and that would be the published record if exists. schema: type: boolean default: false example: false - in: query name: published required: false description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified until published schema: type: boolean default: true example: true - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: name eq "" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **name**: *eq, in, sw* - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of all segments content: application/json: schema: type: array items: $ref: '#/components/schemas/Data-Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createDataSegment security: - userAuth: - idn:data-segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Data Segmentation summary: Create segment description: |- This API creates a segment. >**Note:** Segment definitions may take time to propagate to all identities. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Data-Segment' responses: '201': description: Segment created content: application/json: schema: $ref: '#/components/schemas/Data-Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities: get: operationId: listIdentities tags: - Identities summary: List identities description: This API returns a list of identities. security: - userAuth: - idn:identity:read - idn:identity:manage parameters: - in: query name: filters schema: type: string required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **alias**: *eq, sw* **firstname**: *eq, sw* **lastname**: *eq, sw* **email**: *eq, sw* **cloudStatus**: *eq* **processingState**: *eq* **correlated**: *eq* **protected**: *eq* example: id eq "6c9079b270a266a60170a2779fcb0006" or correlated eq false - in: query name: sorters schema: type: string format: comma-separated required: false description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, alias, cloudStatus** example: name,-cloudStatus - in: query name: defaultFilter schema: type: string enum: - CORRELATED_ONLY - NONE default: CORRELATED_ONLY required: false description: |- Adds additional filter to filters query parameter. CORRELATED_ONLY adds correlated=true and returns only identities that are correlated. NONE does not add any and returns all identities that satisfy filters query parameter. example: NONE - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' responses: '200': description: List of identities. content: application/json: schema: type: array items: $ref: '#/components/schemas/Identity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities/{id}: get: operationId: getIdentity tags: - Identities summary: Identity details description: This API returns a single identity using the Identity ID. security: - userAuth: - idn:identity:read - idn:identity:manage parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: Identity Id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: An identity object content: application/json: schema: $ref: '#/components/schemas/Identity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteIdentity tags: - Identities summary: Delete identity description: The API returns successful response if the requested identity was deleted. security: - userAuth: - idn:identity:manage - applicationAuth: - idn:identity:manage parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: Identity Id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': $ref: '#/components/responses/204' '400': description: Client Error - Returned if the request is invalid. It may indicate that the specified identity is marked as protected and cannot be deleted. content: application/json: schema: $ref: '#/components/schemas/IdentityAssociationDetails' example: message: Identity is the owner of following resources associationDetails: associationType: CAMPAIGN_OWNER entities: - id: b660a232f05b4e04812ca974b3011e0f name: Gaston.800ddf9640a type: CAMPAIGN_CAMPAIGNER '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities-accounts/{id}/enable: post: operationId: enableAccountForIdentity tags: - Accounts summary: Enable idn account for identity description: This API submits a task to enable IDN account for a single identity. externalDocs: description: Learn more about enabling identities here url: https://documentation.sailpoint.com/saas/help/accounts/identities.html?h=disabling+identities#enabling-identities security: - userAuth: - idn:accounts-state:manage - idn:accounts-provisioning:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: The identity id. example: 2c91808384203c2d018437e631158309 responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities-accounts/{id}/disable: post: operationId: disableAccountForIdentity tags: - Accounts summary: Disable idn account for identity description: This API submits a task to disable IDN account for a single identity. externalDocs: description: Learn more about disabling identities here url: https://documentation.sailpoint.com/saas/help/accounts/identities.html?h=disabling+identities#disabling-identities security: - userAuth: - idn:accounts-state:manage - idn:accounts-provisioning:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: The identity id. example: 2c91808384203c2d018437e631158309 responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities-accounts/enable: post: operationId: enableAccountsForIdentities tags: - Accounts summary: Enable idn accounts for identities description: This API submits tasks to enable IDN account for each identity provided in the request body. externalDocs: description: Learn more about enabling identities here url: https://documentation.sailpoint.com/saas/help/accounts/identities.html?h=disabling+identities#enabling-identities security: - userAuth: - idn:accounts-state:manage - idn:accounts-provisioning:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentitiesAccountsBulkRequest' responses: '207': description: Bulk response details. content: application/json: schema: type: array items: $ref: '#/components/schemas/BulkIdentitiesAccountsResponse' example: - id: 2c9180858082150f0180893dbaf553fe statusCode: 404 message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found. - id: 2c91808384203c2d018437e631158308 statusCode: 202 message: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities-accounts/disable: post: operationId: disableAccountsForIdentities tags: - Accounts summary: Disable idn accounts for identities description: This API submits tasks to disable IDN account for each identity provided in the request body. externalDocs: description: Learn more about disabling identities here url: https://documentation.sailpoint.com/saas/help/accounts/identities.html?h=disabling+identities#disabling-identities security: - userAuth: - idn:accounts-state:manage - idn:accounts-provisioning:manage - applicationAuth: - idn:accounts-state:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentitiesAccountsBulkRequest' responses: '207': description: Bulk response details. content: application/json: schema: type: array items: $ref: '#/components/schemas/BulkIdentitiesAccountsResponse' example: - id: 2c9180858082150f0180893dbaf553fe statusCode: 404 message: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found. - id: 2c91808384203c2d018437e631158308 statusCode: 202 message: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities/{identityId}/ownership: get: operationId: getIdentityOwnershipDetails summary: Get ownership details tags: - Identities description: |- Use this API to return an identity's owned objects that will cause problems for deleting the identity. Use this API as a checklist of objects that you need to reassign to a different identity before you can delete the identity. For a full list of objects owned by an identity, use the [Search API](https://developer.sailpoint.com/docs/api/v3/search-post/). When you search for identities, the returned identities have a property, `owns`, that contains a more comprehensive list of identity's owned objects. security: - userAuth: - idn:identity:read x-sailpoint-userLevels: - Any parameters: - in: path name: identityId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: Identity ID. example: ff8081814d2a8036014d701f3fbf53fa responses: '200': description: Identity's ownership association details. If the API is triggered for uncorrelated accounts, will respond with OK. content: application/json: schema: $ref: '#/components/schemas/IdentityOwnershipAssociationDetails' example: associationDetails: associationType: ROLE_OWNER entities: - id: b660a232f05b4e04812ca974b3011e0f name: Gaston.800ddf9640a type: ROLE '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities/{id}/reset: post: operationId: resetIdentity tags: - Identities summary: Reset an identity description: Use this endpoint to reset a user's identity if they have forgotten their authentication information like their answers to knowledge-based questions. Resetting an identity de-registers the user and removes any elevated user levels they have. security: - userAuth: - idn:identity:manage - applicationAuth: - idn:identity:manage parameters: - in: path name: identityId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: Identity Id example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Accepted. The reset request accepted and is in progress. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities/{identityId}/role-assignments: get: operationId: getRoleAssignments tags: - Identities summary: List role assignments description: This returns either a list of Role Assignments when querying with either a Role Id or Role Name, or a list of Role Assignment References if querying with only identity Id. security: - userAuth: - idn:identity:read - idn:identity-direct-report:read - idn:identity:manage parameters: - in: path name: identityId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: Identity Id to get the role assignments for example: ef38f94347e94562b5bb8424a56397d8 - in: query name: roleId schema: type: string required: false description: Role Id to filter the role assignments with example: e7697a1e96d04db1ac7b0f4544915d2c - in: query name: roleName schema: type: string required: false description: Role name to filter the role assignments with example: Engineer responses: '200': description: A role assignment object content: application/json: schema: type: array items: anyOf: - $ref: '#/components/schemas/RoleAssignmentRef' - $ref: '#/components/schemas/RoleAssignmentDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities/{identityId}/role-assignments/{assignmentId}: get: operationId: getRoleAssignment tags: - Identities summary: Role assignment details security: - userAuth: - idn:identity:read - idn:identity-direct-report:read - idn:identity:manage parameters: - in: path name: identityId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: Identity Id example: ef38f94347e94562b5bb8424a56397d8 - in: path name: assignmentId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleAssignments description: Assignment Id example: 1cbb0705b38c4226b1334eadd8874086 responses: '200': description: A role assignment object content: application/json: schema: $ref: '#/components/schemas/RoleAssignmentDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities/{identity-id}/set-lifecycle-state: post: operationId: setLifecycleState tags: - Lifecycle States summary: Set lifecycle state description: Use this API to set/update an identity's lifecycle state to the one provided and update the corresponding identity profile. security: - userAuth: - idn:identity-lifecycle-state:manage - applicationAuth: - idn:identity-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-id description: ID of the identity to update. required: true x-sailpoint-resource-operation-id: listIdentities example: 2c9180857893f1290178944561990364 schema: type: string requestBody: required: true content: application/json: schema: type: object properties: lifecycleStateId: type: string description: ID of the lifecycle state to set. example: 2c9180877a86e408017a8c19fefe046c responses: '200': description: The request was successfully accepted into the system. content: application/json: schema: type: object properties: accountActivityId: type: string example: 2c9180837ab5b716017ab7c6c9ef1e20 description: ID of the IdentityRequest object that is generated when the workflow launches. To follow the IdentityRequest, you can provide this ID with a [Get Account Activity request](https://developer.sailpoint.com/docs/api/v3/get-account-activity/). The response will contain relevant information about the IdentityRequest, such as its status. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-profiles/{identity-profile-id}/lifecycle-states: get: operationId: getLifecycleStates tags: - Lifecycle States summary: Lists lifecyclestates description: 'Use this endpoint to list all lifecycle states by their associated identity profiles. ' security: - userAuth: - idn:identity-profile-lifecycle-state:read - applicationAuth: - idn:identity-profile-lifecycle-state:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters required: false schema: type: string format: comma-separated example: created,modified description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, priority, created, modified** responses: '200': description: List of LifecycleState objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createLifecycleState tags: - Lifecycle States summary: Create lifecycle state description: Use this endpoint to create a lifecycle state. security: - userAuth: - idn:identity-profile-lifecycle-state:manage - applicationAuth: - idn:identity-profile-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 requestBody: description: Lifecycle state to be created. required: true content: application/json: schema: $ref: '#/components/schemas/LifecycleState' responses: '201': description: Created LifecycleState object. content: application/json: schema: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}: get: operationId: getLifecycleState tags: - Lifecycle States summary: Get lifecycle state description: 'Use this endpoint to get a lifecycle state by its ID and its associated identity profile ID. ' security: - userAuth: - idn:identity-profile-lifecycle-state:read - applicationAuth: - idn:identity-profile-lifecycle-state:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - in: path name: lifecycle-state-id description: Lifecycle state ID. required: true x-sailpoint-resource-operation-id: getLifecycleStates schema: type: string example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: The requested LifecycleState was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateLifecycleStates tags: - Lifecycle States summary: Update lifecycle state description: Use this endpoint to update individual lifecycle state fields, using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. security: - userAuth: - idn:identity-profile-lifecycle-state:manage - applicationAuth: - idn:identity-profile-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - in: path name: lifecycle-state-id description: Lifecycle state ID. required: true x-sailpoint-resource-operation-id: getLifecycleStates schema: type: string example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields can be updated: * enabled * description * accountActions * accessProfileIds * emailNotificationOption content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /description value: Updated description! - op: replace path: /accessProfileIds value: - 2c918087742bab150174407a80f3125e - 2c918087742bab150174407a80f3124f - op: replace path: /accountActions value: - action: ENABLE sourceIds: - 2c9180846a2f82fb016a481c1b1560c5 - 2c9180846a2f82fb016a481c1b1560cc - action: DISABLE sourceIds: - 2c91808869a0c9980169a207258513fb - action: DELETE sourceIds: - 3c9180846a2f82fb016a481c1b1560c5 - 8n9180846a2f82fb016a481c1b1560cc excludeSourceIds: null allSources: false - op: replace path: /emailNotificationOption value: notifyManagers: true notifyAllAdmins: false notifySpecificUsers: false emailAddressList: [] responses: '200': description: The LifecycleState was successfully updated. content: application/json: schema: $ref: '#/components/schemas/LifecycleState' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteLifecycleState tags: - Lifecycle States summary: Delete lifecycle state description: 'Use this endpoint to delete the lifecycle state by its ID. ' security: - userAuth: - idn:identity-profile-lifecycle-state:manage - applicationAuth: - idn:identity-profile-lifecycle-state:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: identity-profile-id description: Identity profile ID. required: true x-sailpoint-resource-operation-id: listIdentityProfiles schema: type: string example: 2b838de9-db9b-abcf-e646-d4f274ad4238 - in: path name: lifecycle-state-id description: Lifecycle state ID. required: true x-sailpoint-resource-operation-id: getLifecycleStates schema: type: string example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: The request was successfully accepted into the system. content: application/json: schema: $ref: '#/components/schemas/LifecyclestateDeleted' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-profiles: get: operationId: listIdentityProfiles tags: - Identity Profiles summary: List identity profiles description: Get a list of identity profiles, based on the specified query parameters. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, ne, ge, gt, in, le, sw* **name**: *eq, ne, ge, gt, in, le, sw* **priority**: *eq, ne* - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, priority, created, modified, owner.id, owner.name** responses: '200': description: List of identity profiles. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:read - applicationAuth: - idn:identity-profile:read x-sailpoint-userLevels: - ORG_ADMIN post: operationId: createIdentityProfile summary: Create identity profile description: 'Creates an identity profile. ' tags: - Identity Profiles requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' responses: '201': description: Created identity profile. content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/bulk-delete: post: operationId: deleteIdentityProfiles tags: - Identity Profiles summary: Delete identity profiles description: |- This deletes multiple Identity Profiles via a list of supplied IDs. On success, this endpoint will return a reference to the bulk delete task result. The following rights are required to access this endpoint: idn:identity-profile:delete requestBody: description: Identity Profile bulk delete request body. required: true content: application/json: schema: $ref: '#/components/schemas/IdentityProfileBulkDelete' responses: '202': description: Accepted - Returns a TaskResult object referencing the bulk delete job created. content: application/json: schema: $ref: '#/components/schemas/TaskResultSimplified' description: An object with a TaskResult reference of the bulk delete job '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/export: get: operationId: exportIdentityProfiles tags: - Identity Profiles summary: Export identity profiles description: This exports existing identity profiles in the format specified by the sp-config service. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: id eq "ef38f94347e94562b5bb8424a56397d8" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, ne* **name**: *eq, ne* **priority**: *eq, ne* - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, priority** responses: '200': description: List of export objects with identity profiles. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProfileExportedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:read - applicationAuth: - idn:identity-profile:read /identity-profiles/import: post: operationId: importIdentityProfiles summary: Import identity profiles description: This imports previously exported identity profiles. tags: - Identity Profiles requestBody: description: Previously exported Identity Profiles. required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityProfileExportedObject' responses: '200': description: The result of importing Identity Profiles. content: application/json: schema: $ref: '#/components/schemas/ObjectImportResult' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage /identity-profiles/{identity-profile-id}: get: operationId: getIdentityProfile tags: - Identity Profiles summary: Get identity profile description: Get a single identity profile by ID. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: Identity profile ID. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 responses: '200': description: Identity profile object. content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:read - applicationAuth: - idn:identity-profile:read x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteIdentityProfile tags: - Identity Profiles summary: Delete identity profile description: |- Delete an identity profile by ID. On success, this endpoint will return a reference to the bulk delete task result. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: Identity profile ID. example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Accepted - Returns a TaskResult object referencing the bulk delete job created. content: application/json: schema: $ref: '#/components/schemas/TaskResultSimplified' description: An object with a TaskResult reference of the delete job. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN patch: operationId: updateIdentityProfile tags: - Identity Profiles summary: Update identity profile description: |- Update a specified identity profile with this PATCH request. You cannot update these fields: * id * created * modified * identityCount * identityRefreshRequired * Authoritative Source and Identity Attribute Configuration cannot be modified at the same time. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: Identity profile ID. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: List of identity profile update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: add-attribute-transform: summary: Add an attribute transform value: - op: add path: /identityAttributeConfig/attributeTransforms/0 value: identityAttributeName: location transformDefinition: type: accountAttribute attributes: sourceName: Employees attributeName: location sourceId: 2c91808878b7d63b0178c66ffcdc4ce4 responses: '200': description: Updated identity profile. content: application/json: schema: $ref: '#/components/schemas/IdentityProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/{identity-profile-id}/default-identity-attribute-config: get: operationId: getDefaultIdentityAttributeConfig tags: - Identity Profiles summary: Get default identity attribute config description: This returns the default identity attribute config. parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: The Identity Profile ID. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 responses: '200': description: An Identity Attribute Config object. content: application/json: schema: $ref: '#/components/schemas/IdentityAttributeConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /identity-profiles/{identity-profile-id}/process-identities: post: operationId: syncIdentityProfile tags: - Identity Profiles summary: Process identities under profile description: |- Process identities under the profile This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized. This should only be run on identity profiles that have the `identityRefreshRequired` attribute set to `true`. If `identityRefreshRequired` is false, then there is no benefit to running this operation. Typically, this operation is performed when a change is made to the identity profile or its related lifecycle states that requires a refresh. This operation will perform the following activities on all identities under the identity profile. 1. Updates identity attribute according to the identity profile mappings. 2. Determines the identity's correct manager through manager correlation. 3. Updates the identity's access according to their assigned lifecycle state. 4. Updates the identity's access based on role assignment criteria. externalDocs: description: Learn more about manually processing identities here url: https://documentation.sailpoint.com/saas/help/setup/identity_processing.html parameters: - in: path name: identity-profile-id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentityProfiles description: The Identity Profile ID to be processed example: ef38f94347e94562b5bb8424a56397d8 responses: '202': description: Accepted status after refresh has launched $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clients: get: tags: - Managed Clients summary: Get managed clients description: List managed clients. operationId: getManagedClients parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* **name**: *eq* **clientId**: *eq* **clusterId**: *eq* required: false example: name eq "client name" responses: '200': description: Response with a list of managed clients, based on the specified query parameters. content: application/json: schema: type: array items: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage - applicationAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Managed Clients summary: Create managed client description: |- Create a new managed client. The API returns a result that includes the managed client ID. operationId: createManagedClient requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ManagedClientRequest' responses: '200': description: Created managed client. content: application/json: schema: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clients/{id}: get: tags: - Managed Clients summary: Get managed client description: 'Get managed client by ID. ' operationId: getManagedClient parameters: - name: id in: path description: Managed client ID. required: true x-sailpoint-resource-operation-id: getManagedClients example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7 schema: type: string responses: '200': description: Managed client response. content: application/json: schema: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage - idn:managed-client-status:read - idn:managed-client-status:manage - applicationAuth: - idn:remote-client:read - idn:remote-client:manage - idn:managed-client-status:read - idn:managed-client-status:manage x-sailpoint-userLevels: - ORG_ADMIN patch: tags: - Managed Clients summary: Update managed client description: Update an existing managed client. operationId: updateManagedClient parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClients description: Managed client ID. example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7 requestBody: required: true description: JSONPatch payload used to update the object. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' responses: '200': description: Updated managed client. content: application/json: schema: $ref: '#/components/schemas/ManagedClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteManagedClient tags: - Managed Clients summary: Delete managed client description: Delete an existing managed client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClients description: Managed client ID. example: 4440278c-0ce2-41ee-a0a9-f5cfd5e8d3b7 responses: '204': $ref: '#/components/responses/204' description: Managed client was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clients/{id}/status: get: tags: - Managed Clients summary: Get managed client status description: Get a managed client's status, using its ID. operationId: getManagedClientStatus parameters: - name: id in: path description: Managed client ID to get status for. required: true x-sailpoint-resource-operation-id: getManagedClients schema: type: string example: aClientId - name: type in: query description: Managed client type to get status for. required: true schema: $ref: '#/components/schemas/ManagedClientType' example: VA responses: '200': description: Response with the managed client status, with the given ID and type. content: application/json: schema: $ref: '#/components/schemas/ManagedClientStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-client-status:read - applicationAuth: - idn:managed-client-status:read /managed-clusters: get: tags: - Managed Clusters summary: Get managed clusters description: List current organization's managed clusters, based on request context. operationId: getManagedClusters parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **operational**: *eq* **name**: *eq* **type**: *eq* **status**: *eq* required: false example: operational eq "operation" responses: '200': description: Response with a list of managed clusters. content: application/json: schema: type: array items: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage - applicationAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Managed Clusters summary: Create create managed cluster description: |- Create a new Managed Cluster. The API returns a result that includes the managed cluster ID. operationId: createManagedCluster requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ManagedClusterRequest' responses: '200': description: Created managed cluster. content: application/json: schema: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clusters/{id}: get: tags: - Managed Clusters summary: Get managed cluster description: Get a managed cluster by ID. operationId: getManagedCluster parameters: - name: id in: path description: Managed cluster ID. required: true x-sailpoint-resource-operation-id: getManagedClusters example: 2c9180897de347a2017de8859e8c5039 style: simple explode: false schema: type: string responses: '200': description: Response with managed cluster for the given ID. content: application/json: schema: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN patch: tags: - Managed Clusters summary: Update managed cluster description: Update an existing managed cluster. operationId: updateManagedCluster parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClusters description: Managed cluster ID. example: 2c9180897de347a2017de8859e8c5039 requestBody: required: true description: JSONPatch payload used to update the object. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' responses: '200': description: Updated managed cluster. content: application/json: schema: $ref: '#/components/schemas/ManagedCluster' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteManagedCluster tags: - Managed Clusters summary: Delete managed cluster description: Delete an existing managed cluster. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClusters description: Managed cluster ID. example: 2c9180897de347a2017de8859e8c5039 - in: query name: removeClients schema: type: boolean default: false required: false description: Flag to determine the need to delete a cluster with clients. example: false responses: '204': $ref: '#/components/responses/204' description: Managed cluster was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clusters/{id}/log-config: get: tags: - Managed Clusters summary: Get managed cluster log configuration description: Get a managed cluster's log configuration. operationId: getClientLogConfiguration parameters: - name: id in: path description: ID of managed cluster to get log configuration for. required: true x-sailpoint-resource-operation-id: getManagedClusters schema: type: string format: uuid example: 2b838de9-db9b-abcf-e646-d4f274ad4238 responses: '200': description: Log configuration of managed cluster for given cluster ID. content: application/json: schema: $ref: '#/components/schemas/ClientLogConfiguration' '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:read - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Managed Clusters summary: Update managed cluster log configuration description: Update a managed cluster's log configuration. You may only specify one of `durationMinutes` or `expiration`, up to 1440 minutes (24 hours) in the future. If neither is specified, the default value for `durationMinutes` is 240. operationId: putClientLogConfiguration parameters: - name: id in: path description: ID of the managed cluster to update the log configuration for. required: true x-sailpoint-resource-operation-id: getManagedClusters schema: type: string format: uuid example: 2b838de9-db9b-abcf-e646-d4f274ad4238 requestBody: description: Client log configuration for the given managed cluster. content: application/json: schema: oneOf: - $ref: '#/components/schemas/ClientLogConfigurationDurationMinutes' - $ref: '#/components/schemas/ClientLogConfigurationExpiration' examples: Duration Minutes: $ref: '#/components/examples/client-log-configuration-duration-minutes' Expiration: $ref: '#/components/examples/client-log-configuration-expiration' required: true responses: '200': description: Response with updated client log configuration for the given managed cluster. content: application/json: schema: $ref: '#/components/schemas/ClientLogConfiguration' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:remote-client:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-clusters/{id}/manualUpgrade: post: tags: - Managed Clusters summary: Trigger manual upgrade for managed cluster description: |- Trigger Manual Upgrade for Managed Cluster. AMS Security: API, Internal A token with SYSTEM_ADMINISTRATOR authority is required to call this API. operationId: update parameters: - name: id in: path description: ID of managed cluster to trigger manual upgrade. required: true x-sailpoint-resource-operation-id: getManagedClusters schema: type: string format: uuid example: 2b838de9-db9b-abcf-e646-d4f274ad4238 responses: '200': description: Manual upgrade of managed cluster for given cluster ID. content: application/json: schema: $ref: '#/components/schemas/ClusterManualUpgrade' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-cluster-upgrade:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-cluster-types: get: tags: - Managed Cluster Types summary: Get managed cluster types description: |- Get a list of Managed Cluster Types. AMS Security: Devops, Internal A token with SaaS Platform Internal or DevOps is required to access this endpoint. operationId: getManagedClusterTypes parameters: - name: type in: query required: false description: Type descriptor schema: type: string example: IDN - name: pod in: query required: false description: Pinned pod (or default) schema: type: string example: megapod-useast1 - name: org in: query required: false description: Pinned org (or default) schema: type: string example: denali-xyz - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' responses: '200': description: Responds with a list of ManagedClusterType based on the query params provided content: application/json: schema: type: array items: $ref: '#/components/schemas/ManagedClusterType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-cluster-types:read - idn:managed-cluster-types:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Managed Cluster Types summary: Create new managed cluster type description: |- Create a new Managed Cluster Type. AMS Security: Devops, Internal A token with SaaS Platform Internal or DevOps is required to access this endpoint. The API returns a result that includes the Managed Cluster Type ID operationId: createManagedClusterType requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ManagedClusterType' responses: '200': description: The created ManagedClusterType content: application/json: schema: $ref: '#/components/schemas/ManagedClusterType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-cluster-types:manage x-sailpoint-userLevels: - ORG_ADMIN /managed-cluster-types/{id}: get: tags: - Managed Cluster Types summary: Get a managed cluster type description: |- Get a Managed Cluster Type. AMS Security: Devops, Internal A token with SaaS Platform Internal or DevOps is required to access this endpoint. operationId: getManagedClusterType parameters: - name: id in: path description: The Managed Cluster Type ID required: true x-sailpoint-resource-operation-id: getManagedClusterTypes schema: type: string example: aClusterTypeId responses: '200': description: Responds with a ManagedClusterType content: application/json: schema: $ref: '#/components/schemas/ManagedClusterType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-cluster-types:read - idn:managed-cluster-types:manage x-sailpoint-userLevels: - ORG_ADMIN patch: tags: - Managed Cluster Types summary: Update a managed cluster type description: |- Update an existing Managed Cluster Type. AMS Security: Devops, Internal A token with SaaS Platform Internal or DevOps is required to access this endpoint. operationId: updateManagedClusterType parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClusterTypes description: The Managed Cluster Type ID example: aClusterTypeId requestBody: required: true description: The JSONPatch payload used to update the schema. content: application/json-patch+json: schema: $ref: '#/components/schemas/JsonPatch' responses: '200': description: The updated ManagedClusterType content: application/json: schema: $ref: '#/components/schemas/ManagedClusterType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-cluster-types:manage x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteManagedClusterType tags: - Managed Cluster Types summary: Delete a managed cluster type description: |- Delete an existing Managed Cluster Type. AMS Security: Devops, Internal A token with SaaS Platform Internal or DevOps is required to access this endpoint. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getManagedClusterTypes description: The Managed Cluster Type ID example: aClusterTypeId responses: '204': $ref: '#/components/responses/204' description: The Managed Cluster Type was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:managed-cluster-types:manage x-sailpoint-userLevels: - ORG_ADMIN /mfa/okta-verify/config: get: operationId: getMFAOktaConfig tags: - MFA Configuration summary: Configuration of okta mfa method description: This API returns the configuration of an Okta MFA method. security: - userAuth: - idn:mfa-configuration:read - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: The configuration of an Okta MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaOktaConfig' example: mfaMethod: okta-verify enabled: true host: www.example.com accessKey: d******Y identityAttribute: email '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setMFAOktaConfig tags: - MFA Configuration summary: Set okta mfa configuration description: This API sets the configuration of an Okta MFA method. security: - userAuth: - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MfaOktaConfig' example: mfaMethod: okta-verify enabled: true host: www.example.com accessKey: dk778Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: email responses: '200': description: MFA configuration of an Okta MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaOktaConfig' example: mfaMethod: okta-verify enabled: true host: www.example.com accessKey: d******Y identityAttribute: email '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/duo-web/config: get: operationId: getMFADuoConfig tags: - MFA Configuration summary: Configuration of duo mfa method description: This API returns the configuration of an Duo MFA method. security: - userAuth: - idn:mfa-configuration:read - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: The configuration of an Duo MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaDuoConfig' example: mfaMethod: duo-web enabled: true host: www.example.com accessKey: d******Y identityAttribute: email configProperties: skey: 6******B ikey: Q123WE45R6TY7890ZXCV '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setMFADuoConfig tags: - MFA Configuration summary: Set duo mfa configuration description: This API sets the configuration of an Duo MFA method. security: - userAuth: - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MfaDuoConfig' example: mfaMethod: duo-web enabled: true host: www.example.com accessKey: qw123Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: email configProperties: skey: 12q3WERlcUHWJmiMqyCXI3uOF7EaDJTbdeOp6E2B ikey: Q123WE45R6TY7890ZXCV responses: '200': description: MFA configuration of an Duo MFA method. content: application/json: schema: $ref: '#/components/schemas/MfaDuoConfig' example: mfaMethod: duo-web enabled: true host: www.example.com accessKey: q******y identityAttribute: email configProperties: skey: 1******B ikey: Q123WE45R6TY7890ZXCV '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/kba/config: get: operationId: getMFAKbaConfig tags: - MFA Configuration summary: Configuration of kba mfa method description: This API returns the KBA configuration for MFA. parameters: - in: query name: allLanguages required: false schema: type: boolean description: |- Indicator whether the question text should be returned in all configured languages * If true, the question text is returned in all languages that it is configured in. * If false, the question text is returned in the user locale if available, else for the default locale. * If not passed, it behaves the same way as passing this parameter as false example: allLanguages=true security: - userAuth: - idn:mfa-kba:read x-sailpoint-userLevels: - ORG_ADMIN - USER responses: '200': description: The configuration for KBA MFA method. content: application/json: schema: type: array items: $ref: '#/components/schemas/KbaQuestion' example: - id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919 text: MFA new question -1 ? hasAnswer: false numAnswers: 0 - id: '173421' text: What is your alphanumeric PIN? hasAnswer: false numAnswers: 3 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/kba/config/answers: post: operationId: setMFAKBAConfig tags: - MFA Configuration summary: Set mfa kba configuration description: 'This API sets answers to challenge questions. Any configured questions omitted from the request are removed from user KBA configuration. ' requestBody: required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/KbaAnswerRequestItem' example: - id: '173423' answer: 822cd15d6c15aa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a0859a2fea34 - id: c54fee53-2d63-4fc5-9259-3e93b9994135 answer: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 security: - userAuth: - idn:mfa-kba:authenticate x-sailpoint-userLevels: - USER responses: '200': description: The new KBA configuration for the user. content: application/json: schema: type: array items: $ref: '#/components/schemas/KbaAnswerResponseItem' example: - id: 143cfd3b-c23f-426b-ae5f-d3db06fa5919 question: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]' hasAnswer: false - id: '173421' question: '[{"text":"What is your alphanumeric PIN?","locale":""}]' hasAnswer: true - id: c54fee53-2d63-4fc5-9259-3e93b9994135 question: '[{"text":"Nouvelle question MFA - 2 ?","locale":"fr"},{"text":"MFA new question - 2 ?","locale":""}]' hasAnswer: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /mfa/{method}/test: get: operationId: testMFAConfig tags: - MFA Configuration summary: Mfa method's test configuration description: This API validates that the configuration is valid and will properly authenticate with the MFA provider identified by the method path parameter. security: - userAuth: - idn:mfa-configuration:read - idn:mfa-configuration:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: method schema: type: string example: okta-verify nullable: false enum: - okta-verify - duo-web required: true description: The name of the MFA method. The currently supported method names are 'okta-verify' and 'duo-web'. responses: '200': description: The result of configuration test for the MFA provider. content: application/json: schema: $ref: '#/components/schemas/MfaConfigTestResponse' example: state: SUCCESS error: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /multihosts: post: tags: - Multi-Host Integration summary: Create multi-host integration description: |- This API is used to create Multi-Host Integration. Multi-host Integration holds similar types of sources. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: createMultiHostIntegration requestBody: description: The specifics of the Multi-Host Integration to create content: application/json: schema: $ref: '#/components/schemas/MultiHostIntegrationsCreate' required: true responses: '201': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: $ref: '#/components/schemas/MultiHostIntegrations' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:manage - idn:multihosts-admin:manage - applicationAuth: - idn:sources:manage - idn:multihosts-admin:manage get: tags: - Multi-Host Integration summary: List all existing multi-host integrations description: |- Get a list of Multi-Host Integrations. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: getMultiHostIntegrationsList parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - name: sorters in: query required: false style: form explode: true schema: type: string description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** example: name - name: filters in: query required: false style: form explode: true schema: type: string format: comma-separated description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **type**: *in* **forSubAdminId**: *in* example: id eq 2c91808b6ef1d43e016efba0ce470904 - $ref: '#/components/parameters/count' - name: for-subadmin in: query schema: type: string description: |- If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity or SOURCE_SUBADMIN identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. example: 5168015d32f890ca15812c9180835d2e responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: type: array items: $ref: '#/components/schemas/MultiHostIntegrations' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:read - idn:multihosts-admin:manage - applicationAuth: - idn:sources:read - idn:multihosts-admin:manage /multihosts/types: get: tags: - Multi-Host Integration summary: List multi-host integration types description: |- This API endpoint returns the current list of supported Multi-Host Integration types. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: getMultihostIntegrationTypes responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: type: array items: $ref: '#/components/schemas/MultiHostIntegrationTemplateType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:read - idn:multihosts-admin:manage - applicationAuth: - idn:sources:read - idn:multihosts-admin:manage /multihosts/{multihostId}: post: tags: - Multi-Host Integration summary: Create sources within multi-host integration description: |- This API is used to create sources within Multi-Host Integration. Multi-Host Integration holds similar types of sources. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: createSourcesWithinMultiHost parameters: - name: multihostId in: path description: ID of the Multi-Host Integration. required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: 2c91808568c529c60168cca6f90c1326 requestBody: description: The specifics of the sources to create within Multi-Host Integration. content: application/json: schema: type: array items: $ref: '#/components/schemas/MultiHostIntegrationsCreateSources' required: true responses: '200': description: OK. Returned if the request was successfully accepted into the system. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:manage - idn:multihosts-admin:manage - applicationAuth: - idn:sources:manage - idn:multihosts-admin:manage get: tags: - Multi-Host Integration summary: Get multi-host integration by id description: |- Get an existing Multi-Host Integration. A token with Org Admin or Multi-Host Integration Admin authority is required to access this endpoint. operationId: getMultiHostIntegrations parameters: - name: multihostId in: path description: ID of the Multi-Host Integration. required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: 2c91808568c529c60168cca6f90c1326 responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: $ref: '#/components/schemas/MultiHostIntegrations' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:read - idn:multihosts-admin:manage - applicationAuth: - idn:sources:read - idn:multihosts-admin:manage delete: tags: - Multi-Host Integration summary: Delete multi-host integration description: |- Delete an existing Multi-Host Integration by ID. A token with Org Admin or Multi Host Admin authority is required to access this endpoint. operationId: deleteMultiHost parameters: - name: multihostId in: path description: ID of Multi-Host Integration to delete. required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: 2c91808568c529c60168cca6f90c1326 responses: '200': description: OK. Returned if the request was successfully accepted into the system. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:manage - idn:multihosts-admin:manage - applicationAuth: - idn:sources:manage - idn:multihosts-admin:manage patch: operationId: updateMultiHostSources tags: - Multi-Host Integration summary: Update multi-host integration description: |- Update existing sources within Multi-Host Integration. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. parameters: - name: multihostId in: path description: ID of the Multi-Host Integration to update. required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: anId requestBody: required: true description: | This endpoint allows you to update a Multi-Host Integration. content: application/json-patch+json: schema: type: array description: A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902). items: type: object description: A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902) required: - op - path properties: op: type: string description: The operation to be performed enum: - add - replace example: replace path: type: string description: A string JSON Pointer representing the target path to an element to be affected by the operation example: /description value: oneOf: - type: string example: New description title: string - type: boolean example: true title: boolean - type: integer example: 300 title: integer - type: object title: object example: attributes: name: philip - type: array title: array items: anyOf: - type: string - type: integer - type: object example: - '001' - '002' - '003' description: The value to be used for the operation, required for "add" and "replace" operations example: New description example: - op: add path: /description value: MDK Multi-Host Integration 222 description responses: '200': description: OK. Returned if the request was successfully accepted into the system. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:multihosts-admin:manage /multihosts/{multihostId}/sources/testConnection: post: tags: - Multi-Host Integration summary: Test configuration for multi-host integration description: |- This endpoint performs a more detailed validation of the Multi-Host Integration's configuration. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: testConnectionMultiHostSources parameters: - name: multihostId in: path description: ID of the Multi-Host Integration required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: 2c91808568c529c60168cca6f90c1324 responses: '200': description: OK. Returned if the request was successfully accepted into the system. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:multihosts-admin:manage /multihosts/{multihostId}/sources/{sourceId}/testConnection: get: tags: - Multi-Host Integration summary: Test configuration for multi-host integration's single source description: |- This endpoint performs a more detailed validation of the source's configuration. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: testSourceConnectionMultihost parameters: - name: multihostId in: path description: ID of the Multi-Host Integration required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: 2c91808568c529c60168cca6f90c1326 - name: sourceId in: path description: ID of the source within the Multi-Host Integration required: true x-sailpoint-resource-operation-id: getSourcesWithinMultiHost style: simple explode: false schema: type: string example: 2c91808568c529f60168cca6f90c1324 responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: type: object properties: success: type: boolean description: Source's test connection status. example: true message: type: string description: Source's test connection message. example: Tes. timing: type: integer description: Source's test connection timing. example: 30437 resultType: enum: - SOURCE_STATE_ERROR_CLUSTER - SOURCE_STATE_ERROR_SOURCE - SOURCE_STATE_ERROR_VA - SOURCE_STATE_FAILURE_CLUSTER - SOURCE_STATE_FAILURE_SOURCE - SOURCE_STATE_HEALTHY - SOURCE_STATE_UNCHECKED_CLUSTER - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES - SOURCE_STATE_UNCHECKED_SOURCE - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS - SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT description: Source's human-readable result type. example: SOURCE_STATE_HEALTHY testConnectionDetails: type: string description: Source's human-readable test connection details. example: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:read - idn:multihosts-admin:manage - applicationAuth: - idn:sources:read - idn:multihosts-admin:manage /multihosts/{multihostId}/sources: get: tags: - Multi-Host Integration summary: List sources within multi-host integration description: |- Get a list of sources within Multi-Host Integration ID. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: getSourcesWithinMultiHost parameters: - name: multihostId in: path description: ID of the Multi-Host Integration to update required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: aMultiHostId - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - name: sorters in: query required: false style: form explode: true schema: type: string description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** example: name - name: filters in: query required: false style: form explode: true schema: type: string format: comma-separated description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *in* example: id eq 2c91808b6ef1d43e016efba0ce470904 - $ref: '#/components/parameters/count' responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: type: array items: $ref: '#/components/schemas/MultiHostSources' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:read - idn:multihosts-admin:manage - applicationAuth: - idn:sources:read - idn:multihosts-admin:manage /multihosts/{multiHostId}/sources/errors: get: tags: - Multi-Host Integration summary: List multi-host source creation errors description: |- Get a list of sources creation errors within Multi-Host Integration ID. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: getMultiHostSourceCreationErrors parameters: - name: multiHostId in: path description: ID of the Multi-Host Integration required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: 004091cb79b04636b88662afa50a4440 responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceCreationErrors' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:read - idn:multihosts-admin:manage - applicationAuth: - idn:sources:read - idn:multihosts-admin:manage /multihosts/{multihostId}/acctAggregationGroups: get: tags: - Multi-Host Integration summary: List account-aggregation-groups by multi-host id description: |- This API will return array of account aggregation groups within provided Multi-Host Integration ID. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: getAcctAggregationGroups parameters: - name: multihostId in: path description: ID of the Multi-Host Integration to update required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: aMultiHostId - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: type: array items: $ref: '#/components/schemas/MultiHostIntegrationsAggScheduleUpdate' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:multihosts-admin:manage x-sailpoint-userLevels: - ORG_ADMIN /multihosts/{multiHostId}/entitlementAggregationGroups: get: tags: - Multi-Host Integration summary: List entitlement-aggregation-groups by integration id description: |- This API will return array of aggregation groups within provided Multi-Host Integration ID. A token with Org Admin or Multi-Host Admin authority is required to access this endpoint. operationId: getEntitlementAggregationGroups parameters: - name: multiHostId in: path description: ID of the Multi-Host Integration to update required: true x-sailpoint-resource-operation-id: getMultiHostIntegrations style: simple explode: false schema: type: string example: aMultiHostId - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' responses: '200': description: OK. Returned if the request was successfully accepted into the system. content: application/json: schema: type: array items: $ref: '#/components/schemas/MultiHostIntegrationsAggScheduleUpdate' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:multihosts-admin:manage x-sailpoint-userLevels: - ORG_ADMIN /non-employee-records: post: operationId: createNonEmployeeRecord tags: - Non-Employee Lifecycle Management summary: Create non-employee record description: |- This request will create a non-employee record. Requires role context of `idn:nesr:create` requestBody: description: Non-Employee record creation request body. required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestBody' responses: '200': description: Created non-employee record. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage get: operationId: listNonEmployeeRecords security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: List non-employee records description: |- This gets a list of non-employee records. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees. 2. The user is an account manager, in which case they can get a list of the non-employees that they manage. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters required: false schema: type: string format: comma-separated example: accountName,sourceId description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified** - in: query name: filters required: false schema: type: string example: sourceId eq "2c91808568c529c60168cca6f90c1313" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* responses: '200': description: Non-Employee record objects content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-records/{id}: get: operationId: getNonEmployeeRecord tags: - Non-Employee Lifecycle Management summary: Get a non-employee record description: |- This gets a non-employee record. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Non-Employee record id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords example: ef38f94347e94562b5bb8424a56397d8 schema: type: string responses: '200': description: Non-Employee record object content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read put: operationId: updateNonEmployeeRecord security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Update non-employee record description: |- This request will update a non-employee record. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:update`, in which case they update all available fields. 2. The user is owner of the source, in this case they can only update the end date. parameters: - in: path name: id description: Non-employee record id (UUID) example: ef38f94347e94562b5bb8424a56397d8 required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string requestBody: description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields. required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestBody' responses: '200': description: An updated non-employee record. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchNonEmployeeRecord security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Patch non-employee record description: |- This request will patch a non-employee record. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:update`, in which case they update all available fields. 2. The user is owner of the source, in this case they can only update the end date. parameters: - in: path name: id description: Non-employee record id (UUID) example: ef38f94347e94562b5bb8424a56397d8 required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string requestBody: description: A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields. required: true content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /endDate value: '2019-08-23T18:40:35.772Z' responses: '200': description: A patched non-employee record. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRecord' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteNonEmployeeRecord tags: - Non-Employee Lifecycle Management summary: Delete non-employee record description: |- This request will delete a non-employee record. Requires role context of `idn:nesr:delete` parameters: - in: path name: id description: Non-Employee record id (UUID) example: ef38f94347e94562b5bb8424a56397d8 required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-records/bulk-delete: post: operationId: deleteNonEmployeeRecordsInBulk tags: - Non-Employee Lifecycle Management summary: Delete multiple non-employee records description: This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete` requestBody: description: Non-Employee bulk delete request body. required: true content: application/json: schema: type: object properties: ids: description: List of non-employee ids. type: array items: type: string format: uuid example: - 2b838de9-db9b-abcf-e646-d4f274ad4238 - 2d838de9-db9b-abcf-e646-d4f274ad4238 required: - ids responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-requests: post: operationId: createNonEmployeeRequest security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Create non-employee request description: This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source. requestBody: description: Non-Employee creation request body required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestBody' responses: '200': description: Non-Employee request creation object content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequest' '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: firstName is required; accountName is required; 400.1.409 Reference conflict: description: Response for reference conflict value: detailCode: 400.1.409 Reference conflict trackingId: e7eab60924f64aa284175b9fa3309599 messages: - locale: en localeOrigin: REQUEST text: Unable to create Non-Employee because the accountName "existed" is already being used. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listNonEmployeeRequests security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: List non-employee requests description: |- This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a list non-employee requests assigned to a particular account manager by passing in that manager's id. 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: requested-for required: true schema: type: string example: e136567de87e4d029e60b3c3c55db56d description: The identity for whom the request was made. *me* indicates the current user. - in: query name: sorters required: false schema: type: string format: comma-separated example: created,approvalStatus description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate** - in: query name: filters required: false schema: type: string example: sourceId eq "2c91808568c529c60168cca6f90c1313" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **sourceId**: *eq* responses: '200': description: List of non-employee request objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeRequest' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-requests/{id}: get: operationId: getNonEmployeeRequest security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get a non-employee request description: |- This gets a non-employee request. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in this case the user can get the non-employee request for any user. 2. The user must be the owner of the non-employee request. parameters: - in: path name: id description: Non-Employee request id (UUID) example: ac110005-7156-1150-8171-5b292e3e0084 required: true x-sailpoint-resource-operation-id: listNonEmployeeRequests schema: type: string responses: '200': description: Non-Employee request object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequest' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteNonEmployeeRequest tags: - Non-Employee Lifecycle Management summary: Delete non-employee request description: |- This request will delete a non-employee request. Requires role context of `idn:nesr:delete` parameters: - in: path name: id description: Non-Employee request id in the UUID format required: true x-sailpoint-resource-operation-id: listNonEmployeeRequests schema: type: string format: uuid example: ac110005-7156-1150-8171-5b292e3e0084 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-requests/summary/{requested-for}: get: operationId: getNonEmployeeRequestSummary security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get summary of non-employee requests description: |- This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id. 2. The current user is an account manager, in which case "me" should be provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages. parameters: - in: path name: requested-for description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user. required: true x-sailpoint-resource-operation-id: listNonEmployeeRecords schema: type: string format: uuid (if user is Org Admin) example: 2c91808280430dfb0180431a59440460 responses: '200': description: Non-Employee request summary object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRequestSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources: post: operationId: createNonEmployeeSource security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Non-Employee Lifecycle Management summary: Create non-employee source description: 'Create a non-employee source. ' requestBody: description: Non-Employee source creation request body. required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSourceRequestBody' responses: '200': description: Created non-employee source. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSourceWithCloudExternalId' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listNonEmployeeSources security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read x-sailpoint-userLevels: - ORG_ADMIN tags: - Non-Employee Lifecycle Management summary: List non-employee sources description: |- Get a list of non-employee sources. There are two contextual uses for the `requested-for` path parameter: 1. If the user has the role context of `idn:nesr:read`, he or she may request a list sources assigned to a particular account manager by passing in that manager's `id`. 2. If the current user is an account manager, the user should provide 'me' as the `requested-for` value. Doing so provide the user with a list of the sources he or she owns. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: requested-for required: false schema: type: string example: me description: Identity the request was made for. Use 'me' to indicate the current user. - in: query name: non-employee-count required: false example: true schema: type: boolean default: false description: Flag that determines whether the API will return a non-employee count associated with the source. - in: query name: sorters required: false schema: type: string format: comma-separated example: name,created description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, sourceId** responses: '200': description: List of non-employee sources objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeSourceWithNECount' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources/{sourceId}: get: operationId: getNonEmployeeSource security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get a non-employee source description: |- This gets a non-employee source. There are two contextual uses for the requested-for path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request any source. 2. The current user is an account manager, in which case the user can only request sources that they own. parameters: - in: path name: sourceId description: Source Id example: 2c91808b7c28b350017c2a2ec5790aa1 required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string responses: '200': description: Non-Employee source object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSource' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchNonEmployeeSource tags: - Non-Employee Lifecycle Management summary: Patch a non-employee source description: 'patch a non-employee source. (partial update)
Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`.' parameters: - in: path name: sourceId description: Source Id required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: description: A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. required: true content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: new name: null - op: replace path: /approvers value: - 2c91809f703bb37a017040a2fe8748c7 - 48b1f463c9e8427db5a5071bd81914b8 responses: '200': description: A patched non-employee source object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSource' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage delete: operationId: deleteNonEmployeeSource tags: - Non-Employee Lifecycle Management summary: Delete non-employee source description: This request will delete a non-employee source. Requires role context of `idn:nesr:delete`. parameters: - in: path name: sourceId description: Source Id required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-sources/{id}/non-employees/download: get: operationId: exportNonEmployeeRecords tags: - Non-Employee Lifecycle Management summary: Exports non-employee records to csv description: This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Source Id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d responses: '200': description: Exported CSV content: text/csv: example: | accountName,firstName,lastName,phone,email,manager,startDate,endDate Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read /non-employee-sources/{id}/non-employee-bulk-upload: post: operationId: importNonEmployeeRecordsInBulk security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Imports, or updates, non-employee records description: This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create` parameters: - in: path name: id description: Source Id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: content: multipart/form-data: schema: type: object properties: data: type: string format: binary required: - data responses: '202': description: The CSV was accepted to be bulk inserted now or at a later time. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeBulkUploadJob' '400': description: | Client Error - Returned if the request body is invalid. The response body will contain the list of specific errors with one on each line. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources/{id}/non-employee-bulk-upload/status: get: operationId: getNonEmployeeBulkUploadStatus tags: - Non-Employee Lifecycle Management summary: Obtain the status of bulk upload on the source description: | The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Source ID (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources schema: type: string example: e136567de87e4d029e60b3c3c55db56d responses: '200': description: Status of the newest bulk-upload job, if any. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeBulkUploadStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read /non-employee-sources/{id}/schema-attributes-template/download: get: operationId: exportNonEmployeeSourceSchemaTemplate tags: - Non-Employee Lifecycle Management summary: Exports source schema template description: This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read` parameters: - in: path name: id description: Source Id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeSources example: ef38f94347e94562b5bb8424a56397d8 schema: type: string responses: '200': description: Exported Source Schema Template content: text/csv: example: | accountName,firstName,lastName,phone,email,manager,startDate,endDate '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read /non-employee-approvals: get: operationId: listNonEmployeeApprovals security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get list of non-employee approval requests description: |- This gets a list of non-employee approval requests. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in which case they can list the approvals for any approver. 2. The user owns the requested approval. parameters: - in: query name: requested-for schema: type: string description: The identity for whom the request was made. *me* indicates the current user. required: false example: 2c91808280430dfb0180431a59440460 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* example: approvalStatus eq "Pending" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created, modified** required: false example: created responses: '200': description: List of approval items. content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeApprovalItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/{id}: get: operationId: getNonEmployeeApproval security: - userAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get a non-employee approval item detail description: |- Gets a non-employee approval item detail. There are two contextual uses for this endpoint: 1. The user has the role context of `idn:nesr:read`, in which case they can get any approval. 2. The user owns the requested approval. parameters: - in: path name: id description: Non-Employee approval item id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeApprovals schema: type: string example: e136567de87e4d029e60b3c3c55db56d - in: query name: include-detail description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true* required: false schema: type: boolean example: true responses: '200': description: Non-Employee approval item object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalItemDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/{id}/approve: post: operationId: approveNonEmployeeRequest security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Approve a non-employee request description: Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver. parameters: - in: path name: id description: Non-Employee approval item id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeApprovals schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalDecision' responses: '200': description: Non-Employee approval item object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/{id}/reject: post: operationId: rejectNonEmployeeRequest security: - userAuth: - idn:nelm:manage tags: - Non-Employee Lifecycle Management summary: Reject a non-employee request description: This endpoint will reject an approval item request and notify user. The current user must be the requested approver. parameters: - in: path name: id description: Non-Employee approval item id (UUID) required: true x-sailpoint-resource-operation-id: listNonEmployeeApprovals schema: type: string example: e136567de87e4d029e60b3c3c55db56d requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeRejectApprovalDecision' responses: '200': description: Non-Employee approval item object. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-approvals/summary/{requested-for}: get: operationId: getNonEmployeeApprovalSummary security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get summary of non-employee approval requests description: |- This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter: 1. The user has the role context of `idn:nesr:read`, in which case he or she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id. 2. The current user is an approver, in which case "me" should be provided as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her. parameters: - in: path name: requested-for schema: type: string description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user. required: true x-sailpoint-resource-operation-id: listIdentities example: 2c91808280430dfb0180431a59440460 responses: '200': description: summary of non-employee approval requests content: application/json: schema: $ref: '#/components/schemas/NonEmployeeApprovalSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /non-employee-sources/{sourceId}/schema-attributes: get: operationId: getNonEmployeeSourceSchemaAttributes security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: List schema attributes non-employee source description: |- This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned. Requires role context of `idn:nesr:read` or the user must be an account manager of the source. parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources example: ef38f94347e94562b5bb8424a56397d8 description: The Source id responses: '200': description: A list of Schema Attributes content: application/json: schema: type: array items: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' maxItems: 18 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createNonEmployeeSourceSchemaAttributes tags: - Non-Employee Lifecycle Management summary: Create a new schema attribute for non-employee source description: |- This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response. Requires role context of `idn:nesr:create` parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttributeBody' responses: '200': description: Schema Attribute created. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage delete: operationId: deleteNonEmployeeSourceSchemaAttributes tags: - Non-Employee Lifecycle Management summary: Delete all custom schema attributes for non-employee source description: This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete` parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': $ref: '#/components/responses/204' description: All custon Schema Attributes were successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /non-employee-sources/{sourceId}/schema-attributes/{attributeId}: get: operationId: getNonEmployeeSchemaAttribute security: - userAuth: - idn:nelm:read - applicationAuth: - idn:nelm:read tags: - Non-Employee Lifecycle Management summary: Get schema attribute non-employee source description: This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source. parameters: - in: path name: attributeId schema: type: string required: true x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes example: ef38f94347e94562b5bb8424a56397d8 description: The Schema Attribute Id (UUID) - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources example: ef38f94347e94562b5bb8424a56397d8 description: The Source id responses: '200': description: The Schema Attribute content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchNonEmployeeSchemaAttribute tags: - Non-Employee Lifecycle Management summary: Patch a schema attribute for non-employee source description: | This end-point patches a specific schema attribute for a non-employee SourceId. Requires role context of `idn:nesr:update` parameters: - in: path name: attributeId schema: type: string required: true x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes description: The Schema Attribute Id (UUID) example: ef38f94347e94562b5bb8424a56397d8 - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 requestBody: description: A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update ':' 'label', 'helpText', 'placeholder', 'required'. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /label value: new attribute label: null required: true responses: '200': description: The Schema Attribute was successfully patched. content: application/json: schema: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage delete: operationId: deleteNonEmployeeSchemaAttribute tags: - Non-Employee Lifecycle Management summary: Delete a schema attribute for non-employee source description: | This end-point deletes a specific schema attribute for a non-employee source. Requires role context of `idn:nesr:delete` parameters: - in: path name: attributeId schema: type: string required: true x-sailpoint-resource-operation-id: getNonEmployeeSourceSchemaAttributes description: The Schema Attribute Id (UUID) example: ef38f94347e94562b5bb8424a56397d8 - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listNonEmployeeSources description: The Source id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': $ref: '#/components/responses/204' description: The Schema Attribute was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:nelm:manage - applicationAuth: - idn:nelm:manage /oauth-clients: get: operationId: listOauthClients security: - userAuth: - sp:oauth-client:read - sp:oauth-client:manage tags: - OAuth Clients summary: List oauth clients description: This gets a list of OAuth clients. parameters: - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **lastUsed**: *le, isnull* example: lastUsed le 2023-02-05T10:59:27.214Z responses: '200': description: List of OAuth clients. content: application/json: schema: type: array items: $ref: '#/components/schemas/GetOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createOauthClient security: - userAuth: - sp:oauth-client:manage tags: - OAuth Clients summary: Create oauth client description: This creates an OAuth client. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CreateOAuthClientRequest' responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/CreateOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /oauth-clients/{id}: get: operationId: getOauthClient security: - userAuth: - sp:oauth-client:manage - sp:oauth-client:read - applicationAuth: - sp:oauth-client:manage - sp:oauth-client:read tags: - OAuth Clients summary: Get oauth client description: This gets details of an OAuth client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listOauthClients description: The OAuth client id example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/GetOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteOauthClient security: - userAuth: - sp:oauth-client:manage tags: - OAuth Clients summary: Delete oauth client description: This deletes an OAuth client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listOauthClients description: The OAuth client id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchOauthClient security: - userAuth: - sp:oauth-client:manage tags: - OAuth Clients summary: Patch oauth client description: This performs a targeted update to the field(s) of an OAuth client. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listOauthClients description: The OAuth client id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * tenant * businessName * homepageUrl * name * description * accessTokenValiditySeconds * refreshTokenValiditySeconds * redirectUris * grantTypes * accessType * enabled * strongAuthSupported * claimsSupported content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /strongAuthSupported value: true - op: replace path: /businessName value: acme-solar responses: '200': description: Indicates the PATCH operation succeeded, and returns the OAuth client's new representation. content: application/json: schema: $ref: '#/components/schemas/GetOAuthClientResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-sync-groups: get: operationId: getPasswordSyncGroups tags: - Password Sync Groups summary: Get password sync group list description: This API returns a list of password sync groups. security: - userAuth: - idn:password-sync-group:read - idn:password-sync-group:manage - applicationAuth: - idn:password-sync-group:read - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: A list of password sync groups. content: application/json: schema: type: array items: $ref: '#/components/schemas/PasswordSyncGroup' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createPasswordSyncGroup tags: - Password Sync Groups summary: Create password sync group description: This API creates a password sync group based on the specifications provided. security: - userAuth: - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 responses: '200': description: Reference to the password sync group. content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-sync-groups/{id}: get: operationId: getPasswordSyncGroup tags: - Password Sync Groups summary: Get password sync group by id description: This API returns the sync group for the specified ID. security: - userAuth: - idn:password-sync-group:read - idn:password-sync-group:manage - applicationAuth: - idn:password-sync-group:read - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPasswordSyncGroups description: The ID of password sync group to retrieve. example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd responses: '200': description: Reference to the password sync group. content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 1 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: updatePasswordSyncGroup tags: - Password Sync Groups summary: Update password sync group by id description: This API updates the specified password sync group. security: - userAuth: - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPasswordSyncGroups description: The ID of password sync group to update. example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 responses: '200': description: Reference to the password sync group. content: application/json: schema: $ref: '#/components/schemas/PasswordSyncGroup' example: id: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: Password Sync Group 2 passwordPolicyId: 2c91808d744ba0ce01746f93b6204501 sourceIds: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deletePasswordSyncGroup tags: - Password Sync Groups summary: Delete password sync group by id description: This API deletes the specified password sync group. security: - userAuth: - idn:password-sync-group:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getPasswordSyncGroups description: The ID of password sync group to delete. example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-policies/{id}: get: operationId: getPasswordPolicyById tags: - Password Policies summary: Get password policy by id description: This API returns the password policy for the specified ID. security: - userAuth: - idn:password-policy:read - applicationAuth: - idn:password-policy:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPasswordPolicies description: The ID of password policy to retrieve. example: ff808081838d9e9d01838da6a03e0005 responses: '200': description: Reference to the password policy. content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: Default Password Policy id: 2c91808e7d976f3b017d9f5ceae440c8 name: Example PP dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: true enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setPasswordPolicy tags: - Password Policies summary: Update password policy by id description: This API updates the specified password policy. security: - userAuth: - idn:password-policy:write x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPasswordPolicies description: The ID of password policy to update. example: ff808081838d9e9d01838da6a03e0007 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: Password Policy after update. id: 2c91808e7d976f3b017d9f5ceae440c8 name: Improved Password Policy dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f responses: '200': description: Reference to the password policy. content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: Password Policy after update. id: 2c91808e7d976f3b017d9f5ceae440c8 name: Improved Password Policy dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deletePasswordPolicy tags: - Password Policies summary: Delete password policy by id description: This API deletes the specified password policy. security: - userAuth: - idn:password-policy:write x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPasswordPolicies description: The ID of password policy to delete. example: ff808081838d9e9d01838da6a03e0002 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-policies: post: operationId: createPasswordPolicy tags: - Password Policies summary: Create password policy description: This API creates the specified password policy. security: - userAuth: - idn:password-policy:write x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: description: New Password Policy with high requirements to password complexity. id: null name: High security Password Policy dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f responses: '200': description: Reference to the password policy. content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyV3Dto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listPasswordPolicies tags: - Password Policies summary: List password policies description: |- This gets list of all Password Policies. Requires role of ORG_ADMIN security: - userAuth: - idn:password-policy:read - applicationAuth: - idn:password-policy:read parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: List of all Password Policies. content: application/json: schema: type: array items: $ref: '#/components/schemas/PasswordPolicyV3Dto' example: - description: Example Password Policy id: 2c91808e7d976f3b017d9f5ceae440c8 name: Example PP dateCreated: 1639056206564 lastUpdated: 1662385430753 firstExpirationReminder: 90 accountIdMinWordLength: 3 accountNameMinWordLength: 3 maxLength: 0 maxRepeatedChars: 4 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: false validateAgainstAccountId: true validateAgainstAccountName: true sourceIds: - 2c91808382ffee0b01830de154f14034 - 2c91808582ffee0c01830de36511405f - description: null id: 2c91808780b8b8430180ff7a093f3bf2 name: Password Policy 1 test dateCreated: 1653553629503 lastUpdated: null firstExpirationReminder: null accountIdMinWordLength: -1 accountNameMinWordLength: -1 maxLength: 0 maxRepeatedChars: -1 minAlpha: 1 minCharacterTypes: -1 minLength: 8 minLower: 0 minNumeric: 1 minSpecial: 0 minUpper: 0 passwordExpiration: 90 defaultPolicy: false enablePasswdExpiration: false requireStrongAuthn: false requireStrongAuthOffNetwork: false requireStrongAuthUntrustedGeographies: false useAccountAttributes: false useDictionary: false useIdentityAttributes: true validateAgainstAccountId: false validateAgainstAccountName: false sourceIds: [] '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /personal-access-tokens: get: operationId: listPersonalAccessTokens security: - userAuth: - sp:my-personal-access-tokens:read - sp:my-personal-access-tokens:manage - sp:all-personal-access-tokens:read - sp:all-personal-access-tokens:manage tags: - Personal Access Tokens summary: List personal access tokens description: This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right. parameters: - in: query name: owner-id description: |- The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read' If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read' required: false schema: type: string default: null example: 2c9180867b50d088017b554662fb281e - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **lastUsed**: *le, isnull* example: lastUsed le 2023-02-05T10:59:27.214Z responses: '200': description: List of personal access tokens. content: application/json: schema: type: array items: $ref: '#/components/schemas/GetPersonalAccessTokenResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createPersonalAccessToken security: - userAuth: - sp:my-personal-access-tokens:manage - sp:all-personal-access-tokens:manage tags: - Personal Access Tokens summary: Create personal access token description: This creates a personal access token. requestBody: description: Name and scope of personal access token. required: true content: application/json: schema: $ref: '#/components/schemas/CreatePersonalAccessTokenRequest' responses: '200': description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed. content: application/json: schema: $ref: '#/components/schemas/CreatePersonalAccessTokenResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /personal-access-tokens/{id}: patch: operationId: patchPersonalAccessToken security: - userAuth: - sp:my-personal-access-tokens:manage tags: - Personal Access Tokens summary: Patch personal access token description: |- This performs a targeted update to the field(s) of a Personal Access Token. Changing scopes for a Personal Access Token does not impact existing bearer tokens. You will need to create a new bearer token to have the new scopes. Please note that it can take up to 20 minutes for scope changes to be seen on new bearer tokens. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPersonalAccessTokens description: The Personal Access Token id example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * scope content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: New name - op: replace path: /scope value: - sp:scopes:all responses: '200': description: Indicates the PATCH operation succeeded, and returns the PAT's new representation. content: application/json: schema: $ref: '#/components/schemas/GetPersonalAccessTokenResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deletePersonalAccessToken security: - userAuth: - sp:my-personal-access-tokens:manage - sp:all-personal-access-tokens:manage tags: - Personal Access Tokens summary: Delete personal access token description: This deletes a personal access token. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listPersonalAccessTokens description: The personal access token id example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /public-identities: get: operationId: getPublicIdentities tags: - Public Identities summary: Get list of public identities description: Get a list of public identities. Set `add-core-filters` to `true` to exclude incomplete identities and uncorrelated accounts. security: - userAuth: - sp:scopes:default x-sailpoint-userLevels: - USER parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **alias**: *eq, sw* **email**: *eq, sw* **firstname**: *eq, sw* **lastname**: *eq, sw* example: firstname eq "John" - in: query name: add-core-filters description: |- If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*: - Should be either correlated or protected. - Should not be "spadmin" or "cloudadmin". - uid should not be null. - lastname should not be null. - email should not be null. required: false example: false schema: type: boolean default: false - in: query name: sorters schema: type: string format: comma-separated required: false description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** example: name responses: '200': description: A list of public identity objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/PublicIdentity' example: - id: 2c9180857182305e0171993735622948 name: Alison Ferguso alias: alison.ferguso email: alison.ferguso@acme-solar.com status: Active manager: type: IDENTITY id: 2c9180a46faadee4016fb4e018c20639 name: Thomas Edison attributes: - key: phone name: Phone value: '5125551234' - key: country name: Country value: US - id: 2c9180a46faadee4016fb4e018c20639 name: Thomas Edison alias: thomas.edison email: thomas.edison@acme-solar.com status: Active manager: type: IDENTITY id: 2c918086676d3e0601677611dbde220f name: Mister Manager attributes: - key: phone name: Phone value: '5125554321' - key: country name: Country value: US '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /public-identities-config: get: operationId: getPublicIdentityConfig tags: - Public Identities Config summary: Get the public identities configuration description: Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. security: - userAuth: - idn:public-identity-config:read - idn:public-identity-config:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/PublicIdentityConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: updatePublicIdentityConfig tags: - Public Identities Config summary: Update the public identities configuration description: Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. security: - userAuth: - idn:public-identity-config:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PublicIdentityConfig' responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/PublicIdentityConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /requestable-objects: get: operationId: listRequestableObjects tags: - Requestable Objects summary: Requestable objects list security: - userAuth: - idn:requestable-objects:read x-sailpoint-userLevels: - ORG_ADMIN description: |- Get a list of acccess items that can be requested through the [Access Request endpoints](https://developer.sailpoint.com/docs/api/v2024/access-requests). Access items are marked with `AVAILABLE`, `PENDING` or `ASSIGNED` with respect to the identity provided using `identity-id` query parameter. This endpoint only lists roles and access profiles. For gathering requestable entitlements, the [Entitlements List API](https://developer.sailpoint.com/docs/api/v2025/list-entitlements) can be used with the segmented-for-identity parameter. Any authenticated token can call this endpoint to see their requestable access items. parameters: - in: query name: identity-id required: false schema: type: string example: e7eab60924f64aa284175b9fa3309599 description: |- If present, the value returns only requestable objects for the specified identity. * Admin users can call this with any identity ID value. * Non-admin users can only specify *me* or pass their own identity ID value. * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result. - in: query name: types description: Filters the results to the specified type/types, where each type is one of `ROLE` or `ACCESS_PROFILE`. If absent, all types are returned. SailPoint may add support for additional types in the future without notice. required: false schema: type: array items: type: string enum: - ACCESS_PROFILE - ROLE description: Currently supported requestable object types. example: ACCESS_PROFILE,ROLE explode: false - in: query name: term required: false schema: type: string example: Finance Role description: Allows searching requestable access items with a partial match on the name or description. If `term` is provided, then the API will ignore the `filter` query parameter. - in: query name: statuses description: Filters the result to the specified status/statuses, where each status is one of `AVAILABLE`, `ASSIGNED`, or `PENDING`. Specifying this parameter without also specifying an `identity-id` parameter results in an error. SailPoint may add additional statuses in the future without notice. required: false schema: type: array items: $ref: '#/components/schemas/RequestableObjectRequestStatus' explode: false example: - ASSIGNED - PENDING - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string example: name sw "bob" description: | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, sw* required: false - in: query name: sorters schema: type: string format: comma-separated required: false example: name description: | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** responses: '200': description: List of requestable objects content: application/json: schema: type: array items: $ref: '#/components/schemas/RequestableObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /revocable-objects: get: operationId: getEntitlementDetailsForIdentity tags: - Access Requests summary: Identity entitlement details description: Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity. security: - userAuth: - idn:requestable-objects:read x-sailpoint-userLevels: - ORG_ADMIN - USER parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true - in: path name: identityId schema: type: string required: true description: The identity ID. example: 7025c863c2704ba6beeaedf3cb091573 x-sailpoint-resource-operation-id: listIdentities - in: path name: entitlementId schema: type: string required: true description: The entitlement ID example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listEntitlements responses: '200': description: Entitlement and Account Reference content: application/json: schema: $ref: '#/components/schemas/IdentityEntitlementDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles: get: operationId: listRoles tags: - Roles summary: List roles description: |- This API returns a list of Roles. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. parameters: - in: query name: for-subadmin schema: type: string description: If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. example: 5168015d32f890ca15812c9180835d2e required: false - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, ge, le* **modified**: *lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* **dimensional**: *eq* example: requestable eq false required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false - in: query name: for-segment-ids schema: type: string format: comma-separated description: |- If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d required: false - in: query name: include-unsegmented schema: type: boolean default: true description: Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error. example: false required: false responses: '200': description: List of Roles content: application/json: schema: type: array items: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read - applicationAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN post: operationId: createRole tags: - Roles summary: Create a role description: |- This API creates a role. You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to call this API. In addition, a ROLE_SUBADMIN may not create a role including an access profile if that access profile is associated with a source the ROLE_SUBADMIN is not associated with themselves. The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles. However, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Role' responses: '201': description: Role created content: application/json: schema: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{id}: get: operationId: getRole tags: - Roles summary: Get a role description: |- This API returns a Role by its ID. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: ID of the Role example: 2c91808a7813090a017814121e121518 responses: '200': description: List of all Roles content: application/json: schema: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read - applicationAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN patch: operationId: patchRole tags: - Roles summary: Patch a specified role description: |- This API updates an existing role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: * name * description * enabled * owner * accessProfiles * entitlements * membership * requestable * accessRequestConfig * revokeRequestConfig * segments * accessModelMetadata A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. When you use this API to modify a role's membership identities, you can only modify up to a limit of 500 membership identities at a time. parameters: - name: id in: path description: ID of the Role to patch required: true x-sailpoint-resource-operation-id: listRoles schema: type: string example: 2c91808a7813090a017814121e121518 requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Make a Role Requestable and Enable it in One Call: description: This example shows how multiple fields may be updated with a single patch call. value: - op: replace path: /requestable value: true - op: replace path: /enabled value: true Assign a Role to a Segment: description: This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array. value: - op: add path: /segments/- value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19 Set the Membership Selection Criteria to a List of Identities: description: This example shows how to define a Role's membershp by providing a list of Identities, referenced by their IDs. value: - op: replace path: /membership value: type: IDENTITY_LIST identities: - id: 2c91808973fe906c0174262092014ed9 - id: 2c918086262092014ed94fb8a47612f3 Set the Membership Selection Criteria to a Standard Expression: description: This example shows how to define a Role's membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source. value: - op: replace path: /membership value: type: STANDARD criteria: operation: OR children: - operation: EQUALS key: type: ENTITLEMENT property: attribute.memberOf sourceId: 2c9180887701fb2014213e122092014e stringValue: Engineering Add a New Clause as the Child of an Existing Standard Expression: description: This example shows how to add a child clause to an existing STANDARD criteria expression. value: - op: add path: /membership/criteria/children/- value: operation: ENDS_WITH key: type: IDENTITY property: attribute.email stringValue: '@identitynow.com' Assign a Access Model Metadata to a Role: description: This example shows how to assign a existing metadata to a role. value: - op: add path: /accessModelMetadata/attributes/0 value: key: iscFederalClassifications values: - value: secret Add an Access Profile to a Role: description: This example shows how to add an access profile to a role. value: - op: add path: /accessProfiles/- value: id: 1de104e1f9024b1289b3a31e22d28cd1 type: ACCESS_PROFILE Add an Entitlement to a Role: description: This example shows how to add an entitlement to a role. value: - op: add path: /entitlements/- value: id: 0fb2f8051e48421b8f1f8a64aee3b205 type: ENTITLEMENT required: true responses: '200': description: Responds with the Role as updated. content: application/json: schema: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN delete: operationId: deleteRole tags: - Roles summary: Delete a role description: |- This API deletes a Role by its ID. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: ID of the Role example: 2c91808a7813090a017814121e121518 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/bulk-delete: post: operationId: deleteBulkRoles summary: Delete role(s) tags: - Roles description: |- This endpoint initiates a bulk deletion of one or more roles. When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information. This endpoint can only bulk delete up to a limit of 50 roles per request. A user with ROLE_SUBADMIN authority can only call this endpoint if all roles included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RoleBulkDeleteRequest' example: roleIds: - 2c91808876438bb2017668b91919ecca - 2c91808876438ba801766e129f151816 responses: '202': description: Returns an object with the id of the task performing the delete operation. content: application/json: schema: $ref: '#/components/schemas/TaskResultDto' example: type: TASK_RESULT id: 464ae7bf791e49fdb74606a2e4a89635 name: null '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: 1ea1adcb84da4dcb890145e05745774e messages: - locale: en-US localeOrigin: DEFAULT text: The request was syntactically correct but its content is semantically invalid. 400.1 Role ids limit violation: description: Role ids limit violation response value: detailCode: 400.1 Bad Request Content trackingId: 77aa89ac6f0e422dbc588866abc22be9 messages: - locale: en-US localeOrigin: DEFAULT text: roleIds count exceeded max limit of 50 for bulk-delete. 400.1.404 Referenced object not found: description: Referenced object not found response value: detailCode: 400.1.404 Referenced object not found trackingId: 77aa89ac6f0e422dbc588866abc22be9 messages: - locale: en-US localeOrigin: DEFAULT text: Referenced roleIds ["2c91808876438bb2017668b91919ecca"] was not found. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{id}/assigned-identities: get: operationId: getRoleAssignedIdentities tags: - Roles summary: List identities assigned a role parameters: - in: path name: id schema: type: string description: ID of the Role for which the assigned Identities are to be listed example: 2c91808a7813090a017814121e121518 required: true x-sailpoint-resource-operation-id: listRoles - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **aliasName**: *eq, sw* **email**: *eq, sw* **name**: *eq, sw, co* example: name sw Joe - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, aliasName, email** example: aliasName,name responses: '200': description: List of Identities assigned the Role content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleIdentity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read - applicationAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read /roles/{roleId}/dimensions: get: operationId: listDimensions tags: - Dimensions summary: List dimensions description: |- This API returns a list of dimensions under a specified role. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimension. example: 6603fba3004f43c687610a29195252ce - in: query name: for-subadmin schema: type: string description: If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. example: 5168015d32f890ca15812c9180835d2e required: false - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* example: id eq '2c918086749d78830174a1a40e121518' required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false responses: '200': description: List of Dimensions content: application/json: schema: type: array items: $ref: '#/components/schemas/Dimension' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN post: operationId: createDimension tags: - Dimensions summary: Create a dimension description: |- This API creates a dimension. You must have a token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority to call this API. Additionally, a ROLE_SUBADMIN cannot create a dimension that includes an access profile or entitlement if that access profile or entitlement is linked to a source that the ROLE_SUBADMIN is not associated with. The maximum supported length for the description field is 2000 characters. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimension. example: 6603fba3004f43c687610a29195252ce requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Dimension' responses: '201': description: Dimension created content: application/json: schema: $ref: '#/components/schemas/Dimension' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{roleId}/dimensions/{dimensionId}: get: operationId: getDimension tags: - Dimensions summary: Get a dimension under role. description: |- This API returns a Dimension by its ID. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles or Entitlements included in the Dimension or Parent Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimension. example: 6603fba3004f43c687610a29195252ce - in: path name: dimensionId schema: type: string required: true x-sailpoint-resource-operation-id: listDimensions description: Id of the Dimension example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Dimension content: application/json: schema: $ref: '#/components/schemas/Dimension' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN patch: operationId: patchDimension tags: - Dimensions summary: Patch a specified dimension description: |- This API updates an existing dimension using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: **name** **description** **owner** **accessProfiles** **entitlements** **membership** A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles/entitlements included in the dimension are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. The maximum supported length for the description field is 2000 characters. When you use this API to modify a dimension's membership identities, you can only modify up to a limit of 500 membership identities at a time. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimension. example: 6603fba3004f43c687610a29195252ce - in: path name: dimensionId schema: type: string required: true x-sailpoint-resource-operation-id: listDimensions description: Id of the Dimension example: 2c9180835d191a86015d28455b4a2329 requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Update a Dimension name and description field in One Call: description: This example shows how multiple fields may be updated with a single patch call. value: - op: replace path: /description value: Test Description - op: replace path: /name value: new name Set the Membership Selection Criteria to a List of Identities: description: This example shows how to define a Dimension's membershp by providing a list of Identities, referenced by their IDs. value: - op: replace path: /membership value: type: IDENTITY_LIST identities: - id: 2c91808973fe906c0174262092014ed9 - id: 2c918086262092014ed94fb8a47612f3 Set the Membership Selection Criteria to a Standard Expression: description: This example shows how to define a Dimensions's membership using STANDARD criteria. In this case, the Dimension will be granted to all Identities which have the *Engineering* attribute from the indicated Source. value: - op: replace path: /membership value: type: STANDARD criteria: operation: OR children: - operation: EQUALS key: type: ENTITLEMENT property: attribute.memberOf sourceId: 2c9180887701fb2014213e122092014e stringValue: Engineering Add a New Clause as the Child of an Existing Standard Expression: description: This example shows how to add a child clause to an existing STANDARD criteria expression. value: - op: add path: /membership/criteria/children/- value: operation: ENDS_WITH key: type: IDENTITY property: attribute.email stringValue: '@identitynow.com' required: true responses: '200': description: Responds with the Dimension as updated. content: application/json: schema: $ref: '#/components/schemas/Dimension' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN delete: operationId: deleteDimension tags: - Dimensions summary: Delete a dimension description: |- This API deletes a Dimension by its ID. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles/Entitlements included in the Dimension are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimension. example: 6603fba3004f43c687610a29195252ce - in: path name: dimensionId schema: type: string required: true x-sailpoint-resource-operation-id: listDimensions description: Id of the Dimension example: 2c9180835d191a86015d28455b4a2329 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{roleId}/dimensions/bulk-delete: post: operationId: deleteBulkDimensions summary: Delete dimension(s) tags: - Dimensions description: |- This endpoint initiates a bulk deletion of one or more dimensions. When the request is successful, the endpoint returns the bulk delete's task result ID. To follow the task, you can use [Get Task Status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status), which will return the task result's status and information. This endpoint can only bulk delete up to a limit of 50 roles per request. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this endpoint. In addition, a token with ROLE_SUBADMIN authority can only call this endpoint if all dimensions included in the request are associated with sources with management workgroups the ROLE_SUBADMIN is a member of. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimensions. example: 6603fba3004f43c687610a29195252ce requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/DimensionBulkDeleteRequest' example: dimensionIds: - 2c91808876438bb2017668b91919ecca - 2c91808876438ba801766e129f151816 responses: '202': description: Returns an object with the id of the task performing the delete operation. content: application/json: schema: $ref: '#/components/schemas/TaskResultDto' example: type: TASK_RESULT id: 464ae7bf791e49fdb74606a2e4a89635 name: null '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: 1ea1adcb84da4dcb890145e05745774e messages: - locale: en-US localeOrigin: DEFAULT text: The request was syntactically correct but its content is semantically invalid. 400.1 Dimension ids limit violation: description: Dimension ids limit violation response value: detailCode: 400.1 Bad Request Content trackingId: 77aa89ac6f0e422dbc588866abc22be9 messages: - locale: en-US localeOrigin: DEFAULT text: dimensionIds count exceeded max limit of 50 for bulk-delete. 400.1.404 Referenced object not found: description: Referenced object not found response value: detailCode: 400.1.404 Referenced object not found trackingId: 77aa89ac6f0e422dbc588866abc22be9 messages: - locale: en-US localeOrigin: DEFAULT text: Referenced dimensionIds ["2c91808876438bb2017668b91919ecca"] was not found. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:manage - idn:role-checked:manage x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{roleId}/dimensions/{dimensionId}/access-profiles: get: operationId: listDimensionAccessProfiles tags: - Dimensions summary: List dimension's access profiles description: |- This API lists the Access Profiles associated with a given Dimension A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimension. example: 6603fba3004f43c687610a29195252ce - in: path name: dimensionId schema: type: string required: true x-sailpoint-resource-operation-id: listDimensions description: Id of the Dimension example: 2c9180835d191a86015d28455b4a2329 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **source.id**: *eq, in* example: source.id eq "2c91808982f979270182f99e386d00fa" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false responses: '200': description: List of Access Profiles content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /roles/{roleId}/dimensions/{dimensionId}/entitlements: get: operationId: getDimensionEntitlements tags: - Dimensions summary: List dimension's entitlements description: |- This API lists the Entitlements associated with a given dimension. A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. parameters: - in: path name: roleId required: true x-sailpoint-resource-operation-id: listRoles schema: type: string description: Parent Role Id of the dimension. example: 6603fba3004f43c687610a29195252ce - in: path name: dimensionId schema: type: string required: true x-sailpoint-resource-operation-id: listDimensions description: Id of the Dimension example: 2c9180835d191a86015d28455b4a2329 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **attribute**: *eq, sw* **value**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **source.id**: *eq, in* example: attribute eq "memberOf" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, attribute, value, created, modified** example: name,-modified required: false responses: '200': description: List of Entitlements content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /saved-searches: post: security: - userAuth: - sp:saved-search:manage tags: - Saved Search description: | Creates a new saved search. summary: Create a saved search operationId: createSavedSearch requestBody: description: The saved search to persist. content: application/json: schema: allOf: - $ref: '#/components/schemas/SavedSearchName' - $ref: '#/components/schemas/SavedSearchDetail' required: true responses: '201': description: The persisted saved search. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: security: - userAuth: - sp:saved-search:read tags: - Saved Search description: | Returns a list of saved searches. summary: A list of saved searches operationId: listSavedSearches parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: filters in: query schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **owner.id**: *eq* example: owner.id eq "7a724640-0c17-4ce9-a8c3-4a89738459c8" responses: '200': description: The list of requested saved searches. content: application/json: schema: type: array items: $ref: '#/components/schemas/SavedSearch' headers: X-Total-Count: description: The total result count (returned only if the *count* parameter is specified as *true*). schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /saved-searches/{id}: put: tags: - Saved Search description: | Updates an existing saved search. >**NOTE: You cannot update the `owner` of the saved search.** summary: | Updates an existing saved search operationId: putSavedSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listSavedSearches requestBody: description: The saved search to persist. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' required: true responses: '200': description: The persisted saved search. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:manage get: tags: - Saved Search description: | Returns the specified saved search. summary: Return saved search by id operationId: getSavedSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listSavedSearches responses: '200': description: The requested saved search. content: application/json: schema: $ref: '#/components/schemas/SavedSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:read delete: tags: - Saved Search description: | Deletes the specified saved search. summary: Delete document by id operationId: deleteSavedSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listSavedSearches responses: '204': description: No Content - Indicates the request was successful but there is no content to be returned in the response. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:manage /saved-searches/{id}/execute: post: tags: - Saved Search description: | Executes the specified saved search. summary: Execute a saved search by id operationId: executeSavedSearch parameters: - $ref: '#/components/parameters/id' requestBody: description: | When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search. If *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided. content: application/json: schema: $ref: '#/components/schemas/SearchArguments' examples: scheduled: $ref: '#/components/examples/execute-scheduled' test: $ref: '#/components/examples/execute-test' required: true responses: '202': description: Accepted - Returned if the request was successfully accepted into the system. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:saved-search:manage /scheduled-searches: post: tags: - Scheduled Search description: | Creates a new scheduled search. summary: Create a new scheduled search operationId: createScheduledSearch requestBody: description: The scheduled search to persist. content: application/json: schema: allOf: - $ref: '#/components/schemas/ScheduledSearchName' - $ref: '#/components/schemas/SearchSchedule' examples: Daily Search: description: A search that executes each day at a 9 AM value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: DAILY hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Weekly Search: description: A search that executes each week on select days and times value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: WEEKLY days: type: LIST values: - MON - TUE - WED - THU - FRI - SAT - SUN hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Monthly Search: description: A search that executes each month on select days and times value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: MONTHLY days: type: LIST values: - '1' - '7' - '14' - L hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Annual Search: description: A search that executes each year on the defined months, days, and times. value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: ANNUALLY months: type: LIST values: - '1' interval: 3 days: type: LIST values: - '1' - '7' - '14' - L hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 Calendar Search: description: A search that executes on specific calendar days value: savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad schedule: type: CALENDAR days: type: LIST values: - '2023-01-22' - '2023-02-22' hours: type: LIST values: - '9' recipients: - type: IDENTITY id: 2c9180867624cbd7017642d8c8c81f67 required: true responses: '201': description: The persisted scheduled search. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage get: tags: - Scheduled Search description: | Returns a list of scheduled searches. summary: List scheduled searches operationId: listScheduledSearch parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: filters in: query schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **owner.id**: *eq* **savedSearchId**: *eq* example: savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e" responses: '200': description: The list of requested scheduled searches. content: application/json: schema: type: array items: $ref: '#/components/schemas/ScheduledSearch' headers: X-Total-Count: description: The total result count (returned only if the *count* parameter is specified as *true*). schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage /scheduled-searches/{id}: put: tags: - Scheduled Search description: | Updates an existing scheduled search. summary: Update an existing scheduled search operationId: updateScheduledSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listScheduledSearch requestBody: description: The scheduled search to persist. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' required: true responses: '200': description: The persisted scheduled search. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage get: tags: - Scheduled Search description: Returns the specified scheduled search. summary: Get a scheduled search operationId: getScheduledSearch parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listScheduledSearch responses: '200': description: The requested scheduled search. content: application/json: schema: $ref: '#/components/schemas/ScheduledSearch' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: [] delete: tags: - Scheduled Search description: | Deletes the specified scheduled search. operationId: deleteScheduledSearch summary: Delete a scheduled search parameters: - in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: listScheduledSearch responses: '204': description: No Content - Indicates the request was successful but there is no content to be returned in the response. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:scheduled-search:manage /scheduled-searches/{id}/unsubscribe: post: tags: - Scheduled Search description: | Unsubscribes a recipient from the specified scheduled search. operationId: unsubscribeScheduledSearch summary: Unsubscribe a recipient from scheduled search parameters: - $ref: '#/components/parameters/id' requestBody: description: | The recipient to be removed from the scheduled search. content: application/json: schema: $ref: '#/components/schemas/TypedReference' required: true responses: '204': description: No Content - Indicates the request was successful but there is no content to be returned in the response. '400': $ref: '#/components/responses/400' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' /search: post: tags: - Search description: 'Perform a search with the provided query and return a matching result collection. To page past 10,000 records, you can use `searchAfter` paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement `searchAfter` paging. ' externalDocs: description: Learn more about search. url: https://documentation.sailpoint.com/saas/help/search/index.html operationId: searchPost security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - ROLE_ADMIN - ROLE_SUBADMIN - HELPDESK summary: Perform search parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/searchlimit' - $ref: '#/components/parameters/count' requestBody: content: application/json: schema: $ref: '#/components/schemas/Search' examples: accessProfiles: $ref: '#/components/examples/query-accessprofiles' accountActivities: $ref: '#/components/examples/query-accountactivities' entitlements: $ref: '#/components/examples/query-entitlements' events: $ref: '#/components/examples/query-events' identities: $ref: '#/components/examples/query-identities' roles: $ref: '#/components/examples/query-roles' query-fields: $ref: '#/components/examples/query-fields' query-timeZone: $ref: '#/components/examples/query-timeZone' query-innerHit: $ref: '#/components/examples/query-innerHit' typeAheadQuery: $ref: '#/components/examples/typeAheadQuery' typeAheadQuery-nestedType: $ref: '#/components/examples/typeAheadQuery-nestedType' filter-exists: $ref: '#/components/examples/filter-exists' filter-range: $ref: '#/components/examples/filter-range' filter-terms: $ref: '#/components/examples/filter-terms' required: true responses: '200': description: List of matching documents. content: application/json: schema: type: array items: $ref: '#/components/schemas/SearchDocuments' examples: accessProfiles: $ref: '#/components/examples/accessProfiles' accountActivities: $ref: '#/components/examples/accountActivities' entitlements: $ref: '#/components/examples/entitlements' events: $ref: '#/components/examples/events' identities: $ref: '#/components/examples/identities' roles: $ref: '#/components/examples/roles' query-fields: $ref: '#/components/examples/queryFields' query-timeZone: $ref: '#/components/examples/queryTimeZone' query-innerHit: $ref: '#/components/examples/queryInnerHit' typeAheadQuery: $ref: '#/components/examples/typeAheadQuery-2' typeAheadQuery-nestedType: $ref: '#/components/examples/typeAheadQueryNestedType' filter-exists: $ref: '#/components/examples/filterExists' filter-range: $ref: '#/components/examples/filterRange' filter-terms: $ref: '#/components/examples/filterTerms' headers: X-Total-Count: schema: type: integer description: The total result count (returned only if the *count* parameter is specified as *true*). example: 30 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /search/count: post: tags: - Search description: Performs a search with a provided query and returns the count of results in the X-Total-Count header. operationId: searchCount security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read summary: Count documents satisfying a query requestBody: content: application/json: schema: $ref: '#/components/schemas/Search' examples: query-timeZone: $ref: '#/components/examples/query-timeZone' required: true responses: '204': description: No content - indicates the request was successful but there is no content to be returned in the response. headers: X-Total-Count: description: The total result count. schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /search/aggregate: post: tags: - Search description: 'Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ' operationId: searchAggregate security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read summary: Perform a search query aggregation parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' requestBody: content: application/json: schema: $ref: '#/components/schemas/Search' examples: metricAggregation: $ref: '#/components/examples/metricAggregation' metricAggregation-dsl: $ref: '#/components/examples/metricAggregation-dsl' bucketAggregation: $ref: '#/components/examples/bucketAggregation' bucketAggregation-dsl: $ref: '#/components/examples/bucketAggregation-dsl' nestedAggregation-bucketAggregation: $ref: '#/components/examples/nestedAggregation-bucketAggregation' nestedAggregation-bucketAggregation-dsl: $ref: '#/components/examples/nestedAggregation-bucketAggregation-dsl' nestedAggregation-filterAggregation-bucketAggregation: $ref: '#/components/examples/nestedAggregation-filterAggregation-bucketAggregation' nestedAggregation-filterAggregation-bucketAggregation-dsl: $ref: '#/components/examples/nestedAggregation-filterAggregation-bucketAggregation-dsl' bucketAggregation-subAggregation: $ref: '#/components/examples/bucketAggregation-subAggregation' bucketAggregation-subAggregation-dsl: $ref: '#/components/examples/bucketAggregation-subAggregation-dsl' required: true responses: '200': description: Aggregation results. content: application/json: schema: $ref: '#/components/schemas/AggregationResult' text/csv: schema: $ref: '#/components/schemas/AggregationResult-csv' headers: X-Total-Count: description: The total result count (returned only if the *count* parameter is specified as *true*). schema: type: integer example: 5 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /search/{index}/{id}: get: tags: - Search description: Fetches a single document from the specified index, using the specified document ID. operationId: searchGet security: - userAuth: - sp:search:read - applicationAuth: - sp:search:read x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - ROLE_ADMIN - ROLE_SUBADMIN - HELPDESK summary: Get a document by id parameters: - $ref: '#/components/parameters/index' - $ref: '#/components/parameters/id' responses: '200': description: The requested document. content: application/json: schema: $ref: '#/components/schemas/SearchDocument' examples: accessProfile: $ref: '#/components/examples/accessProfile' accountActivity: $ref: '#/components/examples/accountActivity' entitlement: $ref: '#/components/examples/entitlement' event: $ref: '#/components/examples/event' identity: $ref: '#/components/examples/identity' role: $ref: '#/components/examples/role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /segments: post: operationId: createSegment security: - userAuth: - idn:segment:manage - applicationAuth: - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Create segment description: |- This API creates a segment. >**Note:** Segment definitions may take time to propagate to all identities. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Segment' responses: '201': description: Segment created content: application/json: schema: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: operationId: listSegments security: - userAuth: - idn:segment:read - idn:segment:manage - applicationAuth: - idn:segment:read - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: List segments description: 'This API returns a list of all segments. ' parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: List of all segments content: application/json: schema: type: array items: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /segments/{id}: get: operationId: getSegment security: - userAuth: - idn:segment:read - idn:segment:manage - applicationAuth: - idn:segment:read - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Get segment by id description: This API returns the segment specified by the given ID. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSegments description: The segment ID to retrieve. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Segment content: application/json: schema: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSegment security: - userAuth: - idn:segment:manage - applicationAuth: - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Delete segment by id description: |- This API deletes the segment specified by the given ID. >**Note:** that segment deletion may take some time to become effective. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSegments description: The segment ID to delete. example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchSegment security: - userAuth: - idn:segment:manage - applicationAuth: - idn:segment:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Segments summary: Update segment description: |- Use this API to update segment fields by using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. >**Note:** Changes to a segment may take some time to propagate to all identities. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSegments description: The segment ID to modify. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true description: | A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * owner * visibilityCriteria * active content: application/json-patch+json: schema: type: array items: type: object examples: Set Visibility Criteria: description: Set the visibility criteria value: - op: replace path: /visibilityCriteria value: expression: operator: AND children: - operator: EQUALS attribute: location value: type: STRING value: Philadelphia - operator: EQUALS attribute: department value: type: STRING value: HR responses: '200': description: Indicates the PATCH operation succeeded, and returns the segment's new representation. content: application/json: schema: $ref: '#/components/schemas/Segment' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /service-desk-integrations: get: tags: - Service Desk Integration summary: List existing service desk integrations description: Get a list of Service Desk integration objects. operationId: getServiceDeskIntegrations parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - name: sorters in: query required: false style: form explode: true schema: type: string description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** example: name - name: filters in: query required: false style: form explode: true schema: type: string format: comma-separated description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq* **type**: *eq, in* **cluster**: *eq, in* example: name eq "John Doe" - $ref: '#/components/parameters/count' responses: '200': description: List of ServiceDeskIntegrationDto content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Service Desk Integration summary: Create new service desk integration description: Create a new Service Desk integration. operationId: createServiceDeskIntegration requestBody: description: The specifics of a new integration to create content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' required: true responses: '200': description: Details of the created integration content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/{id}: get: tags: - Service Desk Integration summary: Get a service desk integration description: Get an existing Service Desk integration by ID. operationId: getServiceDeskIntegration parameters: - name: id in: path description: ID of the Service Desk integration to get required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId responses: '200': description: ServiceDeskIntegrationDto with the given ID content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Service Desk Integration summary: Update a service desk integration description: Update an existing Service Desk integration by ID. operationId: putServiceDeskIntegration parameters: - name: id in: path description: ID of the Service Desk integration to update required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId requestBody: description: The specifics of the integration to update content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' required: true responses: '200': description: ServiceDeskIntegrationDto as updated content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - Service Desk Integration summary: Delete a service desk integration description: Delete an existing Service Desk integration by ID. operationId: deleteServiceDeskIntegration parameters: - name: id in: path description: ID of Service Desk integration to delete required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId responses: '204': description: Service Desk integration with the given ID successfully deleted '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN patch: operationId: patchServiceDeskIntegration tags: - Service Desk Integration summary: Patch a service desk integration description: Update an existing Service Desk integration by ID with a PATCH request. parameters: - name: id in: path description: ID of the Service Desk integration to update required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: anId requestBody: required: true description: | A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Only `replace` operations are accepted by this endpoint. A 403 Forbidden Error indicates that a PATCH operation was attempted that is not allowed. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /ownerRef value: id: 2c9180867d05b227017d09921a205b4d type: IDENTITY name: Angelo Medici responses: '200': description: ServiceDeskIntegrationDto as updated content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/types: get: tags: - Service Desk Integration summary: List service desk integration types description: This API endpoint returns the current list of supported Service Desk integration types. operationId: getServiceDeskIntegrationTypes responses: '200': description: Responds with an array of the currently supported Service Desk integration types. content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceDeskIntegrationTemplateType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/templates/{scriptName}: get: tags: - Service Desk Integration summary: Service desk integration template by scriptname description: This API endpoint returns an existing Service Desk integration template by scriptName. operationId: getServiceDeskIntegrationTemplate parameters: - name: scriptName in: path description: The scriptName value of the Service Desk integration template to get required: true x-sailpoint-resource-operation-id: getServiceDeskIntegrations style: simple explode: false schema: type: string example: aScriptName responses: '200': description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName. content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationTemplateDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /service-desk-integrations/status-check-configuration: get: tags: - Service Desk Integration summary: Get the time check configuration description: Get the time check configuration of queued SDIM tickets. operationId: getStatusCheckDetails responses: '200': description: QueuedCheckConfigDetails containing the configured values content: application/json: schema: $ref: '#/components/schemas/QueuedCheckConfigDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Service Desk Integration summary: Update the time check configuration description: Update the time check configuration of queued SDIM tickets. operationId: updateStatusCheckDetails requestBody: description: The modified time check configuration content: application/json: schema: $ref: '#/components/schemas/QueuedCheckConfigDetails' required: true responses: '200': description: QueuedCheckConfigDetails as updated content: application/json: schema: $ref: '#/components/schemas/QueuedCheckConfigDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /query-password-info: post: operationId: queryPasswordInfo tags: - Password Management summary: Query password info security: - userAuth: - idn:password-info:read - applicationAuth: - idn:password-info:read description: | This API is used to query password related information. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordInfoQueryDTO' responses: '200': description: Reference to the password info. content: application/json: schema: $ref: '#/components/schemas/PasswordInfo' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /set-password: post: operationId: setPassword tags: - Password Management summary: Set identity's password security: - userAuth: - idn:password-change:manage - applicationAuth: - idn:password-change:manage description: | This API is used to set a password for an identity. An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow). >**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.** To generate the encryptedPassword (RSA encrypted using publicKey) for the request body, run the following command: ```bash echo -n "myPassword" | openssl pkeyutl -encrypt -inkey public_key.pem -pubin | base64 ``` In this example, myPassword is the plain text password being set and encrypted, and public_key.pem is the path to the public key file. You can retrieve the required publicKey, along with other information like identityId, sourceId, publicKeyId, accounts, and policies, using the Query Password Info endpoint. To successfully run this command, you must have OpenSSL installed on your machine. If OpenSSL is unavailable, consider using the Virtual Appliance (VA), which has OpenSSL pre-installed and configured. If you are using a Windows machine, refer to this [guide](https://tecadmin.net/install-openssl-on-windows/) for instructions on installing OpenSSL. You can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordChangeRequest' responses: '202': description: Reference to the password change. content: application/json: schema: $ref: '#/components/schemas/PasswordChangeResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-change-status/{id}: get: operationId: getPasswordChangeStatus tags: - Password Management summary: Get password change request status security: - userAuth: - idn:password-change:read - applicationAuth: - idn:password-change:read x-sailpoint-userLevels: - ORG_ADMIN description: This API returns the status of a password change request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: setPassword example: 089899f13a8f4da7824996191587bab9 description: Password change request ID responses: '200': description: Status of the password change request content: application/json: schema: $ref: '#/components/schemas/PasswordStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-dictionary: get: operationId: getPasswordDictionary tags: - Password Dictionary summary: Get password dictionary description: |- This gets password dictionary for the organization. The password dictionary file can contain lines that are: 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing 2. empty lines 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; maximum length of the line is 128 Unicode codepoints Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). Password dict file must contain UTF-8 characters only. # Sample password text file ``` # Password dictionary small test file locale=en_US # Password dictionary prohibited words qwerty abcd aaaaa password qazxsws ``` security: - userAuth: - idn:password-dictionary:read - idn:password-dictionary:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: A password dictionary response content: text/plain: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putPasswordDictionary tags: - Password Dictionary summary: Update password dictionary description: |- This updates password dictionary for the organization. The password dictionary file can contain lines that are: 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing 2. empty lines 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; maximum length of the line is 128 Unicode codepoints Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). Password dict file must contain UTF-8 characters only. # Sample password text file ``` # Password dictionary small test file locale=en_US # Password dictionary prohibited words qwerty abcd aaaaa password qazxsws ``` security: - userAuth: - idn:password-dictionary:manage x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true description: The password dictionary file to be uploaded. content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Successfully updated. '201': description: Created. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /password-org-config: get: operationId: getPasswordOrgConfig tags: - Password Configuration summary: Get password org config description: This API returns the password org config . Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:read' security: - userAuth: - idn:password-org-config:read - applicationAuth: - idn:password-org-config:read responses: '200': description: Reference to the password org config. content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenDurationMinutes: 9 digitTokenEnabled: false digitTokenLength: 6 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putPasswordOrgConfig tags: - Password Configuration summary: Update password org config description: |- This API updates the password org config for specified fields. Other fields will keep original value. You must set the `customInstructionsEnabled` field to "true" to be able to use custom password instructions. Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write' security: - userAuth: - idn:password-org-config:manage - applicationAuth: - idn:password-org-config:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: digitTokenEnabled: true digitTokenDurationMinutes: 12 responses: '200': description: Reference to the password org config. content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenDurationMinutes: 12 digitTokenEnabled: true digitTokenLength: 6 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createPasswordOrgConfig tags: - Password Configuration summary: Create password org config description: |- This API creates the password org config. Unspecified fields will use default value. To be able to use the custom password instructions, you must set the `customInstructionsEnabled` field to "true". Requires ORG_ADMIN, API role or authorization scope of 'idn:password-org-config:write' security: - userAuth: - idn:password-org-config:manage - applicationAuth: - idn:password-org-config:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenEnabled: true digitTokenDurationMinutes: 12 digitTokenLength: 9 responses: '200': description: Reference to the password org config. content: application/json: schema: $ref: '#/components/schemas/PasswordOrgConfig' example: customInstructionsEnabled: true digitTokenDurationMinutes: 9 digitTokenEnabled: true digitTokenLength: 12 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/{taskResultId}/result: get: tags: - Reports Data Extraction description: Get the report results for a report that was run or is running. Returns empty report result in case there are no active task definitions with used in payload task definition name. operationId: getReportResult summary: Get report result security: - userAuth: - sp:report:read - sp:report:manage - applicationAuth: - sp:report:read - sp:report:manage parameters: - in: path name: taskResultId schema: type: string required: true x-sailpoint-resource-operation-id: startReport description: Unique identifier of the task result which handled report example: ef38f94347e94562b5bb8424a56397d8 - in: query name: completed schema: type: boolean default: false required: false description: state of task result to apply ordering when results are fetching from the DB example: true responses: '200': description: Details about report that was run or is running. content: application/json: schema: $ref: '#/components/schemas/ReportResults' examples: identityDetailsReport: $ref: '#/components/examples/identities-details-report-results' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/run: post: tags: - Reports Data Extraction description: Use this API to run a report according to report input details. If non-concurrent task is already running then it returns, otherwise new task creates and returns. operationId: startReport summary: Run report security: - userAuth: - sp:report:manage - applicationAuth: - sp:report:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN requestBody: content: application/json: schema: $ref: '#/components/schemas/ReportDetails' examples: Account Export Report: $ref: '#/components/examples/account-export-report-details' Identities Details Report: $ref: '#/components/examples/identities-details-report-details' Identities Report: $ref: '#/components/examples/identities-report-details' Identity Profile Identity Error Report: $ref: '#/components/examples/identity-profile-identity-error-report-details' Orphan Identities Report: $ref: '#/components/examples/orphan-identities-report-details' Search Export Report: $ref: '#/components/examples/search-export-report-details' Uncorrelated Accounts Report: $ref: '#/components/examples/uncorrelated-accounts-report-details' required: true responses: '200': description: Details about running report task. content: application/json: schema: $ref: '#/components/schemas/TaskResultDetails' examples: identityDetailsReport: $ref: '#/components/examples/identities-details-report-task-result' searchExportReport: $ref: '#/components/examples/search-export-report-task-result' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/{id}/cancel: post: tags: - Reports Data Extraction description: Cancels a running report. operationId: cancelReport summary: Cancel report security: - userAuth: - sp:report:manage parameters: - name: id in: path description: ID of the running Report to cancel required: true x-sailpoint-resource-operation-id: startReport style: simple explode: false schema: type: string example: a1ed223247144cc29d23c632624b4767 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reports/{taskResultId}: get: tags: - Reports Data Extraction description: Gets a report in file format. operationId: getReport summary: Get report file security: - userAuth: - sp:report:read - sp:report:manage - applicationAuth: - sp:report:read - sp:report:manage parameters: - in: path name: taskResultId schema: type: string required: true x-sailpoint-resource-operation-id: startReport description: Unique identifier of the task result which handled report example: ef38f94347e94562b5bb8424a56397d8 - in: query name: fileFormat schema: type: string enum: - csv - pdf required: true description: Output format of the requested report file example: csv - in: query name: name required: false schema: type: string example: Identities Details Report description: preferred Report file name, by default will be used report name from task result. - in: query name: auditable required: false schema: type: boolean default: false example: true description: Enables auditing for current report download. Will create an audit event and sent it to the REPORT cloud-audit kafka topic. Event will be created if there is any result present by requested taskResultId. responses: '200': description: Report file in selected format. CSV by default. content: application/csv: schema: type: string format: binary application/pdf: schema: type: string format: binary headers: Content-disposition: description: The requested report's filename schema: type: string example: attachment;filename=\"fileName" '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': description: Not Found - returned if the request URL refers to a resource or object that does not exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '404': summary: An example of a 404 response object value: detailCode: 404 Not found trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text:

File Not Found - 404 Error

The requested file was not found. '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies: post: security: - userAuth: - idn:sod-policy:manage operationId: createSodPolicy tags: - SOD Policies summary: Create sod policy description: |- This creates both General and Conflicting Access Based policy, with a limit of 50 entitlements for each (left & right) criteria for Conflicting Access Based SOD policy. Requires role of ORG_ADMIN. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SodPolicy' examples: Conflicting Access Based Policy: value: name: Conflicting-Policy-Name description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null name: General-Policy-Name responses: '201': description: SOD policy created content: application/json: schema: $ref: '#/components/schemas/SodPolicy' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' get: security: - userAuth: - idn:sod-policy:read - idn:sod-policy:manage operationId: listSodPolicies tags: - SOD Policies summary: List sod policies description: |- This gets list of all SOD policies. Requires role of ORG_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in* **state**: *eq, in* example: id eq "bc693f07e7b645539626c25954c58554" required: false - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, description** responses: '200': description: List of all SOD policies. content: application/json: schema: type: array items: $ref: '#/components/schemas/SodPolicy' example: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 - description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}: get: security: - userAuth: - idn:sod-policy:read - idn:sod-policy:manage operationId: getSodPolicy tags: - SOD Policies summary: Get sod policy by id description: |- This gets specified SOD policy. Requires role of ORG_ADMIN. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD Policy to retrieve. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: SOD policy ID. content: application/json: schema: $ref: '#/components/schemas/SodPolicy' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: This policy ensures compliance of xyz ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: security: - userAuth: - idn:sod-policy:manage operationId: putSodPolicy tags: - SOD Policies summary: Update sod policy by id description: |- This updates a specified SOD policy. Requires role of ORG_ADMIN. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy to update. example: ef38f943-47e9-4562-b5bb-8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SodPolicy' examples: Conflicting Access Based Policy: value: name: Conflicting-Policy-Name description: Modified Description externalPolicyReference: XYZ policy compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Modified Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' responses: '200': description: SOD Policy by ID content: application/json: schema: $ref: '#/components/schemas/SodPolicy' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: Modified description ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c9180866166b5b0016167c32ef31a68 OR id:2c9180866166b5b0016167c32ef31a69)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a68 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a69 General Policy: value: description: Modified Description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: security: - userAuth: - idn:sod-policy:manage operationId: deleteSodPolicy tags: - SOD Policies summary: Delete sod policy by id description: |- This deletes a specified SOD policy. Requires role of ORG_ADMIN. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD Policy to delete. example: ef38f943-47e9-4562-b5bb-8424a56397d8 - in: query name: logical schema: type: boolean default: true description: Indicates whether this is a soft delete (logical true) or a hard delete. Soft delete marks the policy as deleted and just save it with this status. It could be fully deleted or recovered further. Hard delete vise versa permanently delete SOD request during this call. example: true required: false responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: security: - userAuth: - idn:sod-policy:manage operationId: patchSodPolicy tags: - SOD Policies summary: Patch sod policy by id description: |- Allows updating SOD Policy fields other than ["id","created","creatorId","policyQuery","type"] using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Requires role of ORG_ADMIN. This endpoint can only patch CONFLICTING_ACCESS_BASED type policies. Do not use this endpoint to patch general policies - doing so will build an API exception. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy being modified. example: 2c918083-5d19-1a86-015d-28455b4a2329 requestBody: required: true description: | A list of SOD Policy update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * ownerRef * externalPolicyReference * compensatingControls * correctionAdvice * state * tags * violationOwnerAssignmentConfig * scheduled * conflictingAccessCriteria content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Conflicting Access Based Policy: value: - op: replace path: /description value: Modified description - op: replace path: /conflictingAccessCriteria/leftCriteria/name value: money-in-modified - op: replace path: /conflictingAccessCriteria/rightCriteria value: name: money-out-modified criteriaList: - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 General Policy: value: - op: replace path: /description value: Modified description responses: '200': description: Indicates the PATCH operation succeeded, and returns the SOD policy's new representation. content: application/json: schema: $ref: '#/components/schemas/SodPolicy' examples: Conflicting Access Based Policy: value: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Conflicting-Policy-Name created: '2020-01-01T00:00:00.000000Z' modified: '2020-01-01T00:00:00.000000Z' description: Modified description ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Owner Name externalPolicyReference: XYZ policy policyQuery: '@access(id:2c9180866166b5b0016167c32ef31a66 OR id:2c9180866166b5b0016167c32ef31a67) AND @access(id:2c918087682f9a86016839c0509c1ab2)' compensatingControls: Have a manager review the transaction decisions for their "out of compliance" employee correctionAdvice: Based on the role of the employee, managers should remove access that is not required for their job function. state: ENFORCED tags: - string creatorId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde modifierId: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde violationOwnerAssignmentConfig: assignmentRule: MANAGER ownerRef: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: Violation Owner Name scheduled: true type: CONFLICTING_ACCESS_BASED conflictingAccessCriteria: leftCriteria: name: money-in-modified criteriaList: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 rightCriteria: name: money-out-modified criteriaList: - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 General Policy: value: description: Modified description ownerRef: type: IDENTITY id: 2c918087682f9a86016839c05e8f1aff name: Owner Name externalPolicyReference: New policy policyQuery: policy query implementation compensatingControls: Compensating controls correctionAdvice: Correction advice tags: [] state: ENFORCED scheduled: false creatorId: 2c918087682f9a86016839c05e8f1aff modifierId: null violationOwnerAssignmentConfig: null type: GENERAL conflictingAccessCriteria: null id: 52c11db4-733e-4c31-949a-766c95ec95f1 name: General-Policy-Name created: '2020-05-12T19:47:38Z' modified: '2020-05-12T19:47:38Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/evaluate: post: security: - userAuth: - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:manage operationId: startEvaluateSodPolicy tags: - SOD Policies summary: Evaluate one policy by id description: Runs the scheduled report for the policy retrieved by passed policy ID. The report schedule is fetched from the policy retrieved by ID. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The SOD policy ID to run. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: Reference to the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: PENDING type: REPORT_RESULT id: 37b3b32a-f394-46f8-acad-b5223969fa68 name: Multi Query Report '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/schedule: get: security: - userAuth: - idn:sod-policy:read - idn:sod-policy:manage operationId: getSodPolicySchedule tags: - SOD Policies summary: Get sod policy schedule description: This endpoint gets a specified SOD policy's schedule. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy schedule to retrieve. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: SOD policy schedule. content: application/json: schema: $ref: '#/components/schemas/SodPolicySchedule' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: security: - userAuth: - idn:sod-policy:manage operationId: putPolicySchedule tags: - SOD Policies summary: Update sod policy schedule description: This updates schedule for a specified SOD policy. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy to update its schedule. example: ef38f943-47e9-4562-b5bb-8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SodPolicySchedule' responses: '200': description: Created or updated SOD policy schedule. content: application/json: schema: $ref: '#/components/schemas/SodPolicySchedule' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: security: - userAuth: - idn:sod-policy:manage operationId: deleteSodPolicySchedule tags: - SOD Policies summary: Delete sod policy schedule description: This deletes schedule for a specified SOD policy by ID. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The ID of the SOD policy the schedule must be deleted for. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '204': description: No content response. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/violation-report/run: post: security: - userAuth: - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:manage operationId: startSodPolicy tags: - SOD Policies summary: Runs sod policy violation report description: This invokes processing of violation report for given SOD policy. If the policy reports more than 5000 violations, the report returns with violation limit exceeded message. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSodPolicies description: The SOD policy ID to run. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: Reference to the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: PENDING type: REPORT_RESULT id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d name: policy-xyz '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/{id}/violation-report: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getSodViolationReportStatus tags: - SOD Policies summary: Get sod violation report status description: This gets the status for a violation report run task that has already been invoked. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: startSodPolicy description: The ID of the violation report to retrieve status for. example: ef38f943-47e9-4562-b5bb-8424a56397d8 responses: '200': description: Status of the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: SUCCESS type: REPORT_RESULT id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d name: policy-xyz '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-policies/sod-violation-report-status/{reportResultId}: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getSodViolationReportRunStatus tags: - SOD Policies summary: Get violation report run status description: This gets the status for a violation report run task that has already been invoked. parameters: - in: path name: reportResultId schema: type: string required: true x-sailpoint-resource-operation-id: getSodAllReportRunStatus description: The ID of the report reference to retrieve. example: 2e8d8180-24bc-4d21-91c6-7affdb473b0d responses: '200': description: Status of the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: SUCCESS type: REPORT_RESULT id: 2e8d8180-24bc-4d21-91c6-7affdb473b0d name: policy-xyz '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violations/predict: post: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage x-sailpoint-userLevels: - ORG_ADMIN operationId: startPredictSodViolations tags: - SOD Violations summary: Predict sod violations for identity. description: This API is used to check if granting some additional accesses would cause the subject to be in violation of any SOD policies. Returns the violations that would be caused. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityWithNewAccess' example: identityId: 2c91808568c529c60168cca6f90c1313 accessRefs: - type: ENTITLEMENT id: 2c918087682f9a86016839c050861ab1 - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 responses: '200': description: Violation Contexts content: application/json: schema: $ref: '#/components/schemas/ViolationPrediction' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violations/check: post: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage x-sailpoint-userLevels: - ORG_ADMIN operationId: startViolationCheck tags: - SOD Violations summary: Check sod violations description: This API initiates a SOD policy verification asynchronously. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityWithNewAccess' example: identityId: 2c91808568c529c60168cca6f90c1313 accessRefs: - type: ENTITLEMENT id: 2c918087682f9a86016839c050861ab1 - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 clientMetadata: additionalProp1: string additionalProp2: string additionalProp3: string responses: '202': description: Request ID with a timestamp. content: application/json: schema: $ref: '#/components/schemas/SodViolationCheck' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report/run: post: security: - userAuth: - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:manage operationId: startSodAllPoliciesForOrg tags: - SOD Policies summary: Runs all policies for org description: Runs multi-policy report for the org. If a policy reports more than 5000 violations, the report mentions that the violation limit was exceeded for that policy. If the request is empty, the report runs for all policies. Otherwise, the report runs for only the filtered policy list provided. requestBody: required: false content: application/json: schema: $ref: '#/components/schemas/MultiPolicyRequest' example: filteredPolicyList: - b868cd40-ffa4-4337-9c07-1a51846cfa94 - 63a07a7b-39a4-48aa-956d-50c827deba2a responses: '200': description: Reference to the violation report run task. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: PENDING type: REPORT_RESULT id: 37b3b32a-f394-46f8-acad-b5223969fa68 name: Multi Query Report '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getSodAllReportRunStatus tags: - SOD Policies summary: Get multi-report run task status description: This endpoint gets the status for a violation report for all policy run. responses: '200': description: Status of the violation report run task for all policy run. content: application/json: schema: $ref: '#/components/schemas/ReportResultReference' example: status: SUCCESS type: REPORT_RESULT id: 37b3b32a-f394-46f8-acad-b5223969fa68 name: Multi Query Report '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report/{reportResultId}/download: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getDefaultViolationReport tags: - SOD Policies summary: Download violation report description: This allows to download a violation report for a given report reference. parameters: - in: path name: reportResultId schema: type: string required: true x-sailpoint-resource-operation-id: startSodPolicy description: The ID of the report reference to download. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Returns the PolicyReport.zip that contains the violation report file. content: application/zip: schema: type: string format: binary '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sod-violation-report/{reportResultId}/download/{fileName}: get: security: - userAuth: - idn:sod-violation:read - idn:sod-violation:manage - applicationAuth: - idn:sod-violation:read - idn:sod-violation:manage operationId: getCustomViolationReport tags: - SOD Policies summary: Download custom violation report description: This allows to download a specified named violation report for a given report reference. parameters: - in: path name: reportResultId schema: type: string required: true x-sailpoint-resource-operation-id: startSodPolicy description: The ID of the report reference to download. example: ef38f94347e94562b5bb8424a56397d8 - in: path name: fileName schema: type: string required: true description: Custom Name for the file. example: custom-name responses: '200': description: Returns the zip file with given custom name that contains the violation report file. content: application/zip: schema: type: string format: binary '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources: get: operationId: listSources security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - ROLE_SUBADMIN tags: - Sources summary: Lists all sources in identitynow. description: This end-point lists all the sources in IdentityNow. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string example: name eq "Employees" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **name**: *co, eq, in, sw, ge, gt, ne, isnull* **type**: *eq, in, ge, gt, ne, isnull, sw* **owner.id**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **features**: *ca, co* **created**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **modified**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **managementWorkgroup.id**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **description**: *eq, sw* **authoritative**: *eq, ne, isnull* **healthy**: *isnull* **status**: *eq, in, ge, gt, le, lt, ne, isnull, sw* **connectionType**: *eq, ge, gt, in, le, lt, ne, isnull, sw* **connectorName**: *eq, ge, gt, in, ne, isnull, sw* **category**: *co, eq, ge, gt, in, le, lt, ne, sw* - in: query name: sorters schema: type: string format: comma-separated example: name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status, id, description, owner.id, accountCorrelationConfig.id, accountCorrelationConfig.name, managerCorrelationRule.type, managerCorrelationRule.id, managerCorrelationRule.name, authoritative, managementWorkgroup.id, connectorName, connectionType** - in: query name: for-subadmin schema: type: string example: name description: |- Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user. Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned. - in: query name: includeIDNSource required: false schema: type: boolean default: false example: true description: Include the IdentityNow source in the response. responses: '200': description: List of Source objects content: application/json: schema: type: array items: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Creates a source in identitynow. description: This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. parameters: - in: query name: provisionAsCsv description: 'If this parameter is `true`, it configures the source as a Delimited File (CSV) source. Setting this to `true` will automatically set the `type` of the source to `DelimitedFile`. You must use this query parameter to create a Delimited File source as you would in the UI. If you don''t set this query parameter and you attempt to set the `type` attribute directly, the request won''t correctly generate the source. ' schema: type: boolean required: false example: false requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Source' responses: '201': description: Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}: get: operationId: getSource security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Get source by id description: Use this API to get a source by a specified ID in Identity Security Cloud (ISC). parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Source object. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Update source (full) description: | Use this API to update a source in Identity Security Cloud (ISC), using a full object representation. This means that when you use this API, it completely replaces the existing source configuration. These fields are immutable, so they cannot be changed: * id * type * authoritative * connector * connectorClass * passwordPolicies Attempts to modify these fields will result in a 400 error. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Source' responses: '200': description: Updated Source object. Any passwords will only show the the encrypted cipher-text so that they aren't decryptable in Identity Security Cloud (ISC) cloud-based services, per ISC security design. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Update source (partial) description: | Use this API to partially update a source in Identity Security Cloud (ISC), using a list of patch operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. These fields are immutable, so they cannot be changed: * id * type * authoritative * created * modified * connector * connectorClass * passwordPolicies Attempts to modify these fields will result in a 400 error. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true description: A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in Identity Security Cloud (ISC). content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Edit the source description: description: This example shows how to edit a source description. value: - op: replace path: /description value: new description Edit the source cluster: description: This example shows how to edit a source cluster by ID. value: - op: replace path: /cluster/id value: 2c918087813a902001813f3f85736b45 Edit source features: description: This example illustrates how you can update source supported features. value: - op: replace path: /features value: - PASSWORD - PROVISIONING - ENABLE - AUTHENTICATE Change a source description and cluster in one call: description: This example shows how multiple fields may be updated with a single PATCH call. value: - op: replace path: /description value: new description - op: replace path: /cluster/id value: 2c918087813a902001813f3f85736b45 Add a filter string to the connector: description: This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example, any account that does not have an "m" or "d" in the ID will be aggregated. value: - op: add path: /connectorAttributes/filterString value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )' Update connector attribute for specific operation type: description: This example shows how you can update the 3rd object in the connection parameter's `operationType`. This changes it from a standard group aggregation to a group aggregation on the "test" entitlement type. value: - op: replace path: /connectorAttributes/connectionParameters/2/operationType value: Group Aggregation-test Enable notifications for new account provisioning on a source: description: This example shows how you can configure and enable email notifications that will send when new accounts are provisioned on a source. value: - op: replace path: /connectorAttributes/accountCreateNotification value: notifyList: - Distribution.list@demo.com notifyAccountOwner: true enabled: true notifyAccountOwnerAltEmail: false responses: '200': description: Updated Source object. Any passwords will only show the the encrypted cipher-text so that they aren't decryptable in Identity Security Cloud (ISC) cloud-based services, per ISC security design. content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSource security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Delete source by id description: |- Use this API to delete a specific source in Identity Security Cloud (ISC). The API removes all the accounts on the source first, and then it deletes the source. You can retrieve the actual task execution status with this method: GET `/task-status/{id}` parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 responses: '202': description: Accepted - Returned if the request was successfully accepted into the system. content: application/json: schema: type: object properties: type: description: Type of object being referenced. type: string enum: - TASK_RESULT example: TASK_RESULT id: type: string description: Task result ID. example: 2c91808779ecf55b0179f720942f181a name: type: string description: Task result's human-readable display name (this should be null/empty). example: null examples: deleteSource: summary: Response returned when a source is being deleted. value: type: TASK_RESULT id: 2c91808779ecf55b0179f720942f181a name: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/provisioning-policies: get: operationId: listProvisioningPolicies tags: - Sources summary: Lists provisioningpolicies description: This end-point lists all the ProvisioningPolicies in IdentityNow. security: - userAuth: - idn:provisioning-policy:read - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy:read - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: List of ProvisioningPolicyDto objects content: application/json: schema: type: array items: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createProvisioningPolicy tags: - Sources summary: Create provisioning policy description: |- This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types. Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/docs/extensibility/transforms/guides/transforms-in-provisioning-policies) for more information. security: - userAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' examples: Create Account Provisioning Policy: value: name: Account description: Account Provisioning Policy usageType: CREATE fields: - name: displayName transform: type: identityAttribute attributes: name: displayName attributes: {} isRequired: false type: string isMultiValued: false - name: distinguishedName transform: type: usernameGenerator attributes: sourceCheck: true patterns: - CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com fn: type: identityAttribute attributes: name: firstname ln: type: identityAttribute attributes: name: lastname fi: type: substring attributes: input: type: identityAttribute attributes: name: firstname begin: 0 end: 1 fti: type: substring attributes: input: type: identityAttribute attributes: name: firstname begin: 0 end: 2 attributes: cloudMaxUniqueChecks: '5' cloudMaxSize: '100' cloudRequired: 'true' isRequired: false type: '' isMultiValued: false - name: description transform: type: static attributes: value: '' attributes: {} isRequired: false type: string isMultiValued: false responses: '201': description: Created ProvisioningPolicyDto object content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/provisioning-policies/{usageType}: get: operationId: getProvisioningPolicy tags: - Sources summary: Get provisioning policy by usagetype description: This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow. security: - userAuth: - idn:provisioning-policy-source:read - idn:provisioning-policy:read - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source:read - idn:provisioning-policy:read - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' responses: '200': description: The requested ProvisioningPolicyDto was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putProvisioningPolicy tags: - Sources summary: Update provisioning policy by usagetype description: |- This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow. Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/docs/extensibility/transforms/guides/transforms-in-provisioning-policies) for more information. security: - userAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' responses: '200': description: The ProvisioningPolicyDto was successfully replaced. content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateProvisioningPolicy tags: - Sources summary: Partial update of provisioning policy description: |- This API selectively updates an existing Provisioning Policy using a JSONPatch payload. Transforms can be used in the provisioning policy to create a new attribute that you only need during provisioning. Refer to [Transforms in Provisioning Policies](https://developer.sailpoint.com/docs/extensibility/transforms/guides/transforms-in-provisioning-policies) for more information. security: - userAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy-source-admin-operations:manage - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' requestBody: required: true description: The JSONPatch payload used to update the schema. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: add-field: summary: Add a field to the beginning of the list value: - op: add path: /fields/0 value: name: email transform: type: identityAttribute attributes: name: email attributes: {} isRequired: false type: string isMultiValued: false responses: '200': description: The ProvisioningPolicyDto was successfully updated. content: application/json: schema: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteProvisioningPolicy tags: - Sources summary: Delete provisioning policy by usagetype description: Deletes the provisioning policy with the specified usage on an application. security: - userAuth: - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: path name: usageType required: true description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. example: CREATE schema: $ref: '#/components/schemas/UsageType' responses: '204': $ref: '#/components/responses/204' description: The ProvisioningPolicyDto was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/provisioning-policies/bulk-update: post: operationId: updateProvisioningPoliciesInBulk tags: - Sources summary: Bulk update provisioning policies description: This end-point updates a list of provisioning policies on the specified source in IdentityNow. security: - userAuth: - idn:provisioning-policy:manage - applicationAuth: - idn:provisioning-policy:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/ProvisioningPolicyDto' responses: '200': description: A list of the ProvisioningPolicyDto was successfully replaced. content: application/json: schema: type: array items: $ref: '#/components/schemas/ProvisioningPolicyDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/schemas: get: operationId: getSourceSchemas security: - userAuth: - idn:source-schema:read - idn:source-schema:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: List schemas on source description: Use this API to list the schemas that exist on the specified source in Identity Security Cloud (ISC). parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: Source ID. example: 2c9180835d191a86015d28455b4a2329 - in: query name: include-types required: false schema: type: string enum: - group - user description: |- If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized presently. Note: The API will check whether include-types is group or not, if not, it will list schemas based on include-names, if include-names is not provided, it will list all schemas. example: group - in: query name: include-names required: false schema: type: string description: A comma-separated list of schema names to filter result. example: account responses: '200': description: The schemas were successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createSourceSchema security: - userAuth: - idn:source-schema:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN tags: - Sources summary: Create schema on source description: | Use this API to create a new schema on the specified source in Identity Security Cloud (ISC). parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: Source ID. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Schema' responses: '201': description: The schema was successfully created on the specified source. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/schedules: get: operationId: getSourceSchedules security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: List schedules on source description: | Use this API to list the schedules that exist on the specified source in Identity Security Cloud (ISC). :::info This endpoint uses a **cron expression** to schedule a task, following standard **cron job syntax**. For example, `0 0 12 1/1 * ? *` runs the task **daily at 12:00 PM**. **Days of the week are represented as 1-7 (Sunday-Saturday).** ::: parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: Source ID. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: The schedules were successfully retrieved. content: application/json: schema: type: array items: $ref: '#/components/schemas/Schedule-3' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createSourceSchedule security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Create schedule on source description: | Use this API to create a new schedule for a type on the specified source in Identity Security Cloud (ISC). parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: Source ID. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Schedule-3' responses: '201': description: The schedule was successfully created on the specified source. content: application/json: schema: $ref: '#/components/schemas/Schedule-3' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/schedules/{scheduleType}: get: operationId: getSourceSchedule security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Get source schedule by type description: | Get the source schedule by type in Identity Security Cloud (ISC). parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: scheduleType schema: type: string enum: - ACCOUNT_AGGREGATION - GROUP_AGGREGATION required: true description: The Schedule type. example: ACCOUNT_AGGREGATION responses: '200': description: The requested Schedule was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/Schedule-3' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateSourceSchedule security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Update source schedule (partial) description: | Use this API to selectively update an existing Schedule using a JSONPatch payload. The following schedule fields are immutable and cannot be updated: - type parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: scheduleType schema: type: string enum: - ACCOUNT_AGGREGATION - GROUP_AGGREGATION required: true description: The Schedule type. example: ACCOUNT_AGGREGATION requestBody: required: true description: The JSONPatch payload used to update the schedule. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: add-attribute: summary: Replace an attribute of the schedule value: - op: replace path: /cronExpression value: 0 0 6 * * ? responses: '200': description: The Schedule was successfully updated. content: application/json: schema: $ref: '#/components/schemas/Schedule-3' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSourceSchedule security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Delete source schedule by type. parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: scheduleType schema: type: string enum: - ACCOUNT_AGGREGATION - GROUP_AGGREGATION required: true description: The Schedule type. example: ACCOUNT_AGGREGATION responses: '204': $ref: '#/components/responses/204' description: The Schedule was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/schemas/{schemaId}: get: operationId: getSourceSchema tags: - Sources summary: Get source schema by id description: | Get the Source Schema by ID in IdentityNow. parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: The requested Schema was successfully retrieved. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:read - idn:source-schema:manage put: operationId: putSourceSchema tags: - Sources summary: Update source schema (full) description: | This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below. * id * name * created * modified Any attempt to modify these fields will result in an error response with a status code of 400. > `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error. parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Schema' responses: '200': description: The Schema was successfully replaced. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage patch: operationId: updateSourceSchema tags: - Sources summary: Update source schema (partial) description: | Use this API to selectively update an existing Schema using a JSONPatch payload. The following schema fields are immutable and cannot be updated: - id - name - created - modified To switch an account attribute to a group entitlement, you need to have the following in place: - `isEntitlement: true` - Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group: ```json { "name": "groups", "type": "STRING", "schema": { "type": "CONNECTOR_SCHEMA", "id": "2c9180887671ff8c01767b4671fc7d60", "name": "group" }, "description": "The groups, roles etc. that reference account group objects", "isMulti": true, "isEntitlement": true, "isGroup": true } ``` parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true description: The JSONPatch payload used to update the schema. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: add-attribute: summary: Add an attribute to the end of the list value: - op: add path: /attributes/- value: name: location type: STRING schema: null description: Employee location isMulti: false isEntitlement: false isGroup: false responses: '200': description: The Schema was successfully updated. content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage delete: operationId: deleteSourceSchema tags: - Sources summary: Delete source schema by id parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 - in: path name: schemaId schema: type: string required: true x-sailpoint-resource-operation-id: getSourceSchemas description: The Schema id. example: 2c9180835d191a86015d28455b4a2329 responses: '204': $ref: '#/components/responses/204' description: The Schema was successfully deleted. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage /sources/{sourceId}/source-health: get: operationId: getSourceHealth security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage tags: - Sources summary: Fetches source health by id description: This endpoint fetches source health by source's id parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Fetched source health successfully content: application/json: schema: $ref: '#/components/schemas/SourceHealthDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/schemas/accounts: get: tags: - Sources summary: Downloads source accounts schema template description: |- This API downloads the CSV schema that defines the account attributes on a source. >**NOTE: This API is designated only for Delimited File sources.** operationId: getAccountsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb responses: '200': description: Successfully downloaded the file content: text/csv: example: id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:read - idn:source-schema:manage post: tags: - Sources summary: Uploads source accounts schema template description: |- This API uploads a source schema template file to configure a source's account attributes. To retrieve the file to modify and upload, log into Identity Now. Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema** >**NOTE: This API is designated only for Delimited File sources.** operationId: importAccountsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb requestBody: required: true content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Successfully uploaded the file content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage /sources/{id}/schemas/entitlements: get: tags: - Sources summary: Downloads source entitlements schema template description: |- This API downloads the CSV schema that defines the entitlement attributes on a source. >**NOTE: This API is designated only for Delimited File sources.** operationId: getEntitlementsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: schemaName schema: type: string description: Name of entitlement schema example: '?schemaName=group' responses: '200': description: Successfully downloaded the file content: text/csv: example: id,name,displayName,created,description,modified,entitlements,groups,permissions '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:read - idn:source-schema:manage post: tags: - Sources summary: Uploads source entitlements schema template description: |- This API uploads a source schema template file to configure a source's entitlement attributes. To retrieve the file to modify and upload, log into Identity Now. Click **Admin** -> **Connections** -> **Sources** -> **`{SourceName}`** -> **Import Data** -> **Import Entitlements** -> **Download** >**NOTE: This API is designated only for Delimited File sources.** operationId: importEntitlementsSchema parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: schemaName schema: type: string description: Name of entitlement schema example: '?schemaName=group' requestBody: required: true content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Successfully uploaded the file content: application/json: schema: $ref: '#/components/schemas/Schema' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:source-schema:manage /sources/{sourceId}/upload-connector-file: post: operationId: importConnectorFile security: - userAuth: - idn:sources-admin:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - Sources summary: Upload connector file to source parameters: - in: path name: sourceId required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The Source id. example: 2c9180835d191a86015d28455b4a2329 description: This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events. requestBody: required: true content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '200': description: Uploaded the file successfully and sent all post-upload events content: application/json: schema: $ref: '#/components/schemas/Source' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/connections: get: operationId: getSourceConnections security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Sources summary: Get source connections by id description: Use this API to get all dependent Profiles, Attributes, Applications and Custom Transforms for a source by a specified ID in Identity Security Cloud (ISC). parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source ID. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Source Connections object. content: application/json: schema: $ref: '#/components/schemas/SourceConnectionsDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/correlation-config: get: operationId: getCorrelationConfig tags: - Sources summary: Get source correlation configuration security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN description: This API returns the existing correlation configuration for a source specified by the given ID. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The source id example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Correlation configuration for a source content: application/json: schema: $ref: '#/components/schemas/CorrelationConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putCorrelationConfig tags: - Sources summary: Update source correlation configuration security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN description: Replaces the correlation configuration for the source specified by the given ID with the configuration provided in the request body. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The source id example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CorrelationConfig' responses: '200': description: Updated correlation configuration for a source content: application/json: schema: $ref: '#/components/schemas/CorrelationConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/password-policies: patch: operationId: updatePasswordPolicyHolders x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - ROLE_SUBADMIN tags: - Sources summary: Update password policy description: | This API can be used to set up or update Password Policy in IdentityNow for the specified Source. Source must support PASSWORD feature. parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The Source id example: 8c190e6787aa4ed9a90bd9d5344523fb requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyHoldersDto' responses: '200': description: Updated Password Policies content: application/json: schema: $ref: '#/components/schemas/PasswordPolicyHoldersDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage /sources/{sourceId}/connector/check-connection: post: operationId: testSourceConnection tags: - Sources summary: Check connection for source connector. description: This endpoint validates that the configured credentials are valid and will properly authenticate with the source identified by the sourceId path parameter. security: - userAuth: - idn:source-connector:manage - applicationAuth: - idn:source-connector:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The ID of the Source. example: cef3ee201db947c5912551015ba0c679 responses: '200': description: The result of checking connection to the source connector with response from it. content: application/json: schema: $ref: '#/components/schemas/StatusResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/connector/peek-resource-objects: post: operationId: searchResourceObjects tags: - Sources summary: Peek source connector's resource objects description: Retrieves a sample of data returned from account and group aggregation requests. security: - userAuth: - idn:source-connector:manage - applicationAuth: - idn:source-connector:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The ID of the Source example: cef3ee201db947c5912551015ba0c679 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ResourceObjectsRequest' example: objectType: resource maxCount: 50 responses: '200': description: List of resource objects that was fetched from the source connector. content: application/json: schema: $ref: '#/components/schemas/ResourceObjectsResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/connector/ping-cluster: post: operationId: pingCluster tags: - Sources summary: Ping cluster for source connector description: This endpoint validates that the cluster being used by the source is reachable from IdentityNow. security: - userAuth: - idn:source-connector:manage - applicationAuth: - idn:source-connector:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The ID of the Source example: cef3ee201db947c5912551015ba0c679 responses: '200': description: The result of pinging connection with the source connector. content: application/json: schema: $ref: '#/components/schemas/StatusResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/connector/test-configuration: post: operationId: testSourceConfiguration tags: - Sources summary: Test configuration for source connector description: This endpoint performs a more detailed validation of the source''s configuration that can take longer than the lighter weight credential validation performed by the checkConnection API. security: - userAuth: - idn:source-connector:manage - applicationAuth: - idn:source-connector:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The ID of the Source example: cef3ee201db947c5912551015ba0c679 responses: '200': description: The result of testing source connector configuration with response from it. content: application/json: schema: $ref: '#/components/schemas/StatusResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/connectors/source-config: get: operationId: getSourceConfig tags: - Sources summary: Gets source config with language-translations security: - userAuth: - idn:connector-config:read - idn:connector-config:manage x-sailpoint-userLevels: - ORG_ADMIN description: Looks up and returns the source config for the requested source id after populating the source config values and applying language translations. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The Source id example: cef3ee201db947c5912551015ba0c679 - in: query name: locale schema: type: string enum: - de - false - fi - sv - ru - pt - ko - zh-TW - en - it - fr - zh-CN - hu - es - cs - ja - pl - da - nl description: The locale to apply to the config. If no viable locale is given, it will default to "en" example: en required: false responses: '200': description: A Connector Detail object content: application/json: schema: $ref: '#/components/schemas/ConnectorDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/native-change-detection-config: get: operationId: getNativeChangeDetectionConfig tags: - Sources summary: Native change detection configuration security: - userAuth: - idn:sources:read - applicationAuth: - idn:sources:read x-sailpoint-userLevels: - ORG_ADMIN description: This API returns the existing native change detection configuration for a source specified by the given ID. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The source id example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: Native change detection configuration for a source content: application/json: schema: $ref: '#/components/schemas/NativeChangeDetectionConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putNativeChangeDetectionConfig tags: - Sources summary: Update native change detection configuration security: - userAuth: - idn:sources:update - applicationAuth: - idn:sources:update x-sailpoint-userLevels: - ORG_ADMIN description: Replaces the native change detection configuration for the source specified by the given ID with the configuration provided in the request body. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The source id example: 2c9180835d191a86015d28455b4a2329 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/NativeChangeDetectionConfig' responses: '200': description: Updated native change detection configuration for a source content: application/json: schema: $ref: '#/components/schemas/NativeChangeDetectionConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteNativeChangeDetectionConfig tags: - Sources summary: Delete native change detection configuration description: Deletes the native change detection configuration for the source specified by the given ID. security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The source id example: 2c9180835d191a86015d28455b4a2329 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/remove-accounts: post: operationId: deleteAccountsAsync summary: Remove all accounts in source tags: - Sources description: | Use this endpoint to remove all accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation. This endpoint is good for: * Removing accounts that no longer exist on the source. * Removing accounts that won't be aggregated following updates to the source configuration. * Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc. x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The source id example: ebbf35756e1140699ce52b233121384a responses: '202': description: Accepted. Returns task result details of removal request. content: application/json: schema: $ref: '#/components/schemas/TaskResultDto' example: type: TASK_RESULT id: 464ae7bf791e49fdb74606a2e4a89635 name: null '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:accounts:manage /sources/{id}/load-accounts: post: tags: - Sources summary: Account aggregation operationId: importAccounts description: |- Starts an account aggregation on the specified source. If the target source is a delimited file source, then the CSV file needs to be included in the request body. You will also need to set the Content-Type header to `multipart/form-data`. security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source Id example: ef38f94347e94562b5bb8424a56397d8 requestBody: content: multipart/form-data: schema: type: object properties: file: type: string format: binary description: The CSV file containing the source accounts to aggregate. disableOptimization: type: string example: 'true' description: Use this flag to reprocess every account whether or not the data has changed. responses: '202': description: Aggregate Accounts Task content: application/json: schema: $ref: '#/components/schemas/LoadAccountsTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/load-uncorrelated-accounts: post: tags: - Sources summary: Process uncorrelated accounts operationId: importUncorrelatedAccounts description: File is required for upload. You will also need to set the Content-Type header to `multipart/form-data` security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source Id example: 75dbec1ebe154d5785da27b95e1dd5d7 requestBody: content: multipart/form-data: schema: type: object properties: file: type: string format: binary responses: '202': description: Uncorrelated Accounts Task content: application/json: schema: $ref: '#/components/schemas/LoadUncorrelatedAccountsTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects: get: operationId: listTaggedObjects security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage tags: - Tagged Objects summary: List tagged objects description: This API returns a list of all tagged objects. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **objectRef.id**: *eq, in* **objectRef.type**: *eq, in* **tagName**: *eq, in* example: tagName eq "BU_FINANCE" required: false responses: '200': description: List of all tagged objects. content: application/json: schema: type: array items: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: setTagToObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage tags: - Tagged Objects summary: Add tag to object description: This adds a tag to an object. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TaggedObject' responses: '201': description: Created. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/{type}: get: operationId: listTaggedObjectsByType security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage tags: - Tagged Objects summary: List tagged objects by type description: This API returns a list of all tagged objects by type. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of tagged object to retrieve. example: ROLE - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **objectRef.id**: *eq* **objectRef.type**: *eq* example: objectRef.id eq "2c91808568c529c60168cca6f90c1313" required: false responses: '200': description: List of all tagged objects for specified type. content: application/json: schema: type: array items: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/{type}/{id}: get: operationId: getTaggedObject security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage tags: - Tagged Objects summary: Get tagged object description: This gets a tagged object for the specified type. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of tagged object to retrieve. example: ROLE - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTaggedObjects description: The ID of the object reference to retrieve. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Tagged object by type and ID. content: application/json: schema: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putTaggedObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage tags: - Tagged Objects summary: Update tagged object description: This updates a tagged object for the specified type. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of tagged object to update. example: ROLE - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTaggedObjects description: The ID of the object reference to update. example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TaggedObject' responses: '200': description: Tagged object by type and ID. content: application/json: schema: $ref: '#/components/schemas/TaggedObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteTaggedObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage tags: - Tagged Objects summary: Delete object tags description: Delete all tags from a tagged object. parameters: - in: path name: type schema: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE required: true description: The type of object to delete tags from. example: ROLE - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTaggedObjects description: The ID of the object to delete tags from. example: ef38f94347e94562b5bb8424a56397d8 responses: '204': description: No content. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/bulk-add: post: operationId: setTagsToManyObjects security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Tagged Objects summary: Tag multiple objects description: This API adds tags to multiple objects. requestBody: required: true description: Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE. content: application/json: schema: $ref: '#/components/schemas/BulkAddTaggedObject' responses: '200': description: Request succeeded. content: application/json: schema: type: array items: $ref: '#/components/schemas/BulkTaggedObjectResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tagged-objects/bulk-remove: post: operationId: deleteTagsToManyObject security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN tags: - Tagged Objects summary: Remove tags from multiple objects description: This API removes tags from multiple objects. requestBody: description: Supported object types are ACCESS_PROFILE, APPLICATION, CAMPAIGN, ENTITLEMENT, IDENTITY, ROLE, SOD_POLICY, SOURCE. required: true content: application/json: schema: $ref: '#/components/schemas/BulkRemoveTaggedObject' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tags: get: operationId: listTags tags: - Tags summary: List tags description: |- This API returns a list of tags. A token with API, ORG_ADMIN, CERT_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, sw* example: id eq "27462f54-61c7-4140-b5da-d5dbe27fc6db" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified** example: name,-modified required: false responses: '200': description: List of all tags. content: application/json: schema: type: array items: $ref: '#/components/schemas/Tag' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage post: operationId: createTag tags: - Tags summary: Create tag description: |- This API creates new tag. A token with API, ORG_ADMIN, CERT_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Tag' responses: '201': description: Created tag. content: application/json: schema: $ref: '#/components/schemas/Tag' '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: 1ea1adcb84da4dcb890145e05745774e messages: - locale: en-US localeOrigin: DEFAULT text: The request was syntactically correct but its content is semantically invalid. 400.1.2 Value length out of range: description: Response for invalid tag name value: detailCode: 400.2.1 Referential integrity violation trackingId: 2241d18b9e7d4350a9acfe69f8ce47f1 messages: - locale: en-US localeOrigin: DEFAULT text: Field "Tag Name" length is outside of range [3,128]. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage /tags/{id}: get: operationId: getTagById tags: - Tags summary: Get tag by id description: |- Returns a tag by its id. A token with API, ORG_ADMIN, CERT_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTags description: The ID of the object reference to retrieve. example: 329d96cf-3bdb-40a9-988a-b5037ab89022 responses: '200': description: Tag content: application/json: schema: $ref: '#/components/schemas/Tag' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:tag:read - idn:tag:manage - applicationAuth: - idn:tag:read - idn:tag:manage delete: operationId: deleteTagById tags: - Tags summary: Delete tag description: |- This API deletes a tag by specified id. A token with API, ORG_ADMIN, CERT_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTags description: The ID of the object reference to delete. example: 329d96cf-3bdb-40a9-988a-b5037ab89022 responses: '204': description: No content. '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: 400.1 Bad Request Content: description: Response for bad request content value: detailCode: 400.1 Bad Request Content trackingId: 1ea1adcb84da4dcb890145e05745774e messages: - locale: en-US localeOrigin: DEFAULT text: The request was syntactically correct but its content is semantically invalid. 400.2.1 Referential integrity violation: description: Response for reference violations value: detailCode: 400.2.1 Referential integrity violation trackingId: 33956b59f6d44081a11f91959dd8731d messages: - locale: en-US localeOrigin: DEFAULT text: The request cannot be fulfilled because doing so would violate referential integrity constraints. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:tag:manage - applicationAuth: - idn:tag:manage /transforms: get: tags: - Transforms summary: List transforms description: Gets a list of all saved transform objects. operationId: listTransforms parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: name in: query description: Name of the transform to retrieve from the list. required: false style: form schema: type: string example: ExampleTransformName123 - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **internal**: *eq* **name**: *eq, sw* required: false style: form explode: true example: name eq "Uppercase" schema: type: string responses: '200': description: A list of transforms matching the given criteria. content: application/json: schema: type: array items: $ref: '#/components/schemas/TransformRead' example: - id: 2cd78adghjkja34jh2b1hkjhasuecd name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM-dd-yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM internal: false - id: 2lkas8dhj4bkuakja77giih7l4ashh name: PrefixSubstring type: substring attributes: begin: 0 end: 3 internal: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:read - idn:transform:manage - applicationAuth: - idn:transform:read - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Transforms summary: Create transform description: Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. operationId: createTransform requestBody: required: true description: The transform to be created. content: application/json: schema: $ref: '#/components/schemas/Transform' example: name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM dd yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM responses: '201': description: Indicates the transform was successfully created and returns its representation. content: application/json: schema: $ref: '#/components/schemas/TransformRead' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:manage - applicationAuth: - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN /transforms/{id}: get: tags: - Transforms summary: Transform by id description: This API returns the transform specified by the given ID. operationId: getTransform parameters: - name: id in: path description: ID of the transform to retrieve required: true x-sailpoint-resource-operation-id: listTransforms style: simple explode: false example: 2cd78adghjkja34jh2b1hkjhasuecd schema: type: string responses: '200': description: Transform with the given ID content: application/json: schema: $ref: '#/components/schemas/TransformRead' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:read - idn:transform:manage - applicationAuth: - idn:transform:read - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Transforms summary: Update a transform description: Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error. operationId: updateTransform parameters: - name: id in: path description: ID of the transform to update required: true x-sailpoint-resource-operation-id: listTransforms style: simple explode: false schema: type: string example: 2cd78adghjkja34jh2b1hkjhasuecd requestBody: description: The updated transform object. Must include "name", "type", and "attributes" fields, but "name" and "type" must not be modified. content: application/json: schema: $ref: '#/components/schemas/Transform' example: name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM-dd-yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM responses: '200': description: Indicates the transform was successfully updated and returns its new representation. content: application/json: schema: $ref: '#/components/schemas/TransformRead' example: id: 2cd78adghjkja34jh2b1hkjhasuecd name: Timestamp To Date type: dateFormat attributes: inputFormat: MMM-dd-yyyy, HH:mm:ss.SSS outputFormat: yyyy/dd/MM internal: false '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:manage - applicationAuth: - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - Transforms summary: Delete a transform description: Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform. operationId: deleteTransform parameters: - name: id in: path description: ID of the transform to delete required: true x-sailpoint-resource-operation-id: listTransforms style: simple explode: false schema: type: string example: 2cd78adghjkja34jh2b1hkjhasuecd responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:transform:manage - applicationAuth: - idn:transform:manage x-sailpoint-userLevels: - ORG_ADMIN /work-items: get: operationId: listWorkItems tags: - Work Items summary: List work items description: This gets a collection of work items belonging to either the specified user(admin required), or the current user. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: List of work items content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkItems' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/completed: get: operationId: getCompletedWorkItems tags: - Work Items summary: Completed work items description: This gets a collection of completed work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request. required: false example: 1211bcaa32112bcef6122adb21cef1ac - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' responses: '200': description: List of completed work items. content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkItems' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/count: get: operationId: getCountWorkItems tags: - Work Items summary: Count work items description: This gets a count of work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: List of work items content: application/json: schema: $ref: '#/components/schemas/WorkItemsCount' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/completed/count: get: operationId: getCountCompletedWorkItems tags: - Work Items summary: Count completed work items description: This gets a count of completed work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of work items content: application/json: schema: $ref: '#/components/schemas/WorkItemsCount' '400': $ref: '#/components/responses/400' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' /work-items/summary: get: operationId: getWorkItemsSummary tags: - Work Items summary: Work items summary description: This gets a summary of work items belonging to either the specified user(admin required), or the current user. parameters: - in: query name: ownerId schema: type: string description: ID of the work item owner. required: false example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: List of work items content: application/json: schema: $ref: '#/components/schemas/WorkItemsSummary' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}: get: operationId: getWorkItem tags: - Work Items summary: Get a work item description: This gets the details of a Work Item belonging to either the specified user(admin required), or the current user. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: ID of the work item. example: 2c9180835d191a86015d28455b4a2329 responses: '200': description: The work item with the given ID. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: completeWorkItem tags: - Work Items summary: Complete a work item description: This API completes a work item. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 requestBody: description: Body is the request payload to create form definition request content: application/json: schema: type: string nullable: true responses: '200': description: A WorkItems object content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}/approve/{approvalItemId}: post: operationId: approveApprovalItem tags: - Work Items summary: Approve an approval item description: This API approves an Approval Item. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 - in: path name: approvalItemId schema: type: string required: true description: The ID of the approval item. example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}/reject/{approvalItemId}: post: operationId: rejectApprovalItem tags: - Work Items summary: Reject an approval item description: This API rejects an Approval Item. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 - in: path name: approvalItemId schema: type: string required: true description: The ID of the approval item. example: 1211bcaa32112bcef6122adb21cef1ac responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/bulk-approve/{id}: post: operationId: approveApprovalItemsInBulk tags: - Work Items summary: Bulk approve approval items description: This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/bulk-reject/{id}: post: operationId: rejectApprovalItemsInBulk tags: - Work Items summary: Bulk reject approval items description: This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /work-items/{id}/submit-account-selection: post: operationId: submitAccountSelection tags: - Work Items summary: Submit account selections description: This API submits account selections. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: type: object additionalProperties: true example: fieldName: fieldValue description: Account Selection Data map, keyed on fieldName responses: '200': description: A work items details object. content: application/json: schema: $ref: '#/components/schemas/WorkItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows: get: operationId: listWorkflows tags: - Workflows summary: List workflows description: List all workflows in the tenant. security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflows content: application/json: schema: type: array items: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createWorkflow tags: - Workflows summary: Create workflow description: Create a new workflow with the desired trigger and steps specified in the request body. security: - userAuth: - sp:workflow:manage requestBody: required: true content: application/json: schema: allOf: - required: - name - $ref: '#/components/schemas/WorkflowBody' examples: Event Trigger: description: Workflow initiated by an event trigger value: name: Send Email owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson description: Send an email to the identity who's attributes changed. definition: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success enabled: false trigger: type: EVENT attributes: id: idn:identity-attributes-changed filter: $.changes[?(@.attribute == 'manager')] Scheduled Trigger: description: Workflow initiated by a scheduled trigger value: name: Send Email owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson description: Send an email to the identity who's attributes changed. definition: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success enabled: false trigger: type: SCHEDULED attributes: cronString: 0 * */3 */5 * External Trigger: description: Workflow initiated by an external trigger value: name: Send Email owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson description: Send an email to the identity whose attributes changed. definition: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success enabled: false trigger: type: EXTERNAL attributes: name: search-and-notify description: Run a search and notify the results responses: '200': description: The Workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}: get: operationId: getWorkflow tags: - Workflows summary: Get workflow by id description: Get a single workflow by id. security: - userAuth: - sp:workflow:read - sp:workflow:manage parameters: - name: id in: path description: Id of the workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '200': description: The workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putWorkflow tags: - Workflows summary: Update workflow description: Perform a full update of a workflow. The updated workflow object is returned in the response. security: - userAuth: - sp:workflow:manage parameters: - name: id in: path description: Id of the Workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WorkflowBody' responses: '200': description: The Workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchWorkflow tags: - Workflows summary: Patch workflow description: Partially update an existing Workflow using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. security: - userAuth: - sp:workflow:manage parameters: - name: id in: path description: Id of the Workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: true content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Update all patchable fields: description: Demonstrate how to update each patchable field in one PATCH request. value: - op: replace path: /name value: Send Email - op: replace path: /owner value: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 name: William Wilson - op: replace path: /description value: Send an email to the identity who's attributes changed. - op: replace path: /enabled value: false - op: replace path: /definition value: start: Send Email Test steps: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: action success: type: success - op: replace path: /trigger value: type: EVENT attributes: id: idn:identity-attributes-changed responses: '200': description: The Workflow object content: application/json: schema: $ref: '#/components/schemas/Workflow' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteWorkflow tags: - Workflows summary: Delete workflow by id description: Delete a workflow. **Enabled workflows cannot be deleted**. They must first be disabled. security: - userAuth: - sp:workflow:manage parameters: - name: id in: path description: Id of the Workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}/test: post: operationId: testWorkflow tags: - Workflows summary: Test workflow by id description: | :::info Workflow must be disabled in order to use this endpoint. ::: Test a workflow with the provided input data. The input data should resemble the input that the trigger will send the workflow. See the [event trigger documentation](https://developer.sailpoint.com/docs/extensibility/event-triggers/available) for an example input for the trigger that initiates this workflow. This endpoint will return an execution ID, which can be used to lookup more information about the execution using the `Get a Workflow Execution` endpoint. **This will cause a live run of the workflow, which could result in unintended modifications to your IDN tenant.** security: - userAuth: - sp:workflow-execute:external x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path description: Id of the workflow required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: true content: application/json: schema: type: object required: - input properties: input: type: object description: The test input for the workflow. examples: Identity Attributes Changed: description: Identity Attributes Changed Trigger Input value: input: identity: id: ee769173319b41d19ccec6cea52f237b name: john.doe type: IDENTITY changes: - attribute: department oldValue: sales newValue: marketing - attribute: manager oldValue: id: ee769173319b41d19ccec6c235423237b name: nice.guy type: IDENTITY newValue: id: ee769173319b41d19ccec6c235423236c name: mean.guy type: IDENTITY - attribute: email oldValue: john.doe@hotmail.com newValue: john.doe@gmail.com responses: '200': description: The Workflow object content: application/json: schema: type: object properties: workflowExecutionId: type: string description: The workflow execution id example: 0e11cefa-96e7-4b67-90d0-065bc1da5753 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}/executions: get: operationId: getWorkflowExecutions tags: - Workflows summary: List workflow executions description: |- Use this API to list a specified workflow's executions. Workflow executions are available for up to 90 days before being archived. By default, you can get a maximum of 250 executions. To get executions past the first 250 records, you can do the following: 1. Use the [Get Workflows](https://developer.sailpoint.com/idn/api/beta/list-workflows) endpoint to get your workflows. 2. Get your workflow ID from the response. 3. You can then do either of the following: - Filter to find relevant workflow executions. For example, you can filter for failed workflow executions: `GET /workflows/:workflowID/executions?filters=status eq "Failed"` - Paginate through results with the `offset` parameter. For example, you can page through 50 executions per page and use that as a way to get to the records past the first 250. Refer to [Paginating Results](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results) for more information about the query parameters you can use to achieve pagination. security: - userAuth: - sp:workflow:read - sp:workflow:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_SUBADMIN - SOURCE_ADMIN parameters: - name: id in: path description: Workflow ID. required: true x-sailpoint-resource-operation-id: listWorkflows style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **start_time**: *eq, lt, le, gt, ge* **status**: *eq* example: status eq "Failed" required: false responses: '200': description: List of workflow executions for the specified workflow. content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowExecution' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-executions/{id}: get: operationId: getWorkflowExecution tags: - Workflows summary: Get workflow execution description: Use this API to get a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a "404 Not Found" response. security: - userAuth: - sp:workflow:read - sp:workflow:manage parameters: - name: id in: path description: Workflow execution ID. required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '200': description: Workflow execution. content: application/json: schema: items: $ref: '#/components/schemas/WorkflowExecution' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-executions/{id}/history: get: operationId: getWorkflowExecutionHistory tags: - Workflows summary: Get workflow execution history description: Get a detailed history of a single workflow execution. Workflow executions are available for up to 90 days before being archived. If you attempt to access a workflow execution that has been archived, you will receive a 404 Not Found. security: - userAuth: - sp:workflow:read - sp:workflow:manage parameters: - name: id in: path description: Id of the workflow execution required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '200': description: List of workflow execution events for the given workflow execution content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowExecutionEvent' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-executions/{id}/cancel: post: operationId: cancelWorkflowExecution tags: - Workflows summary: Cancel workflow execution by id description: Use this API to cancel a running workflow execution. security: - userAuth: - sp:workflow-execute:external parameters: - name: id in: path description: The workflow execution ID required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library: get: operationId: listCompleteWorkflowLibrary tags: - Workflows summary: List complete workflow library description: This lists all triggers, actions, and operators in the library externalDocs: description: Additional documentation for workflows url: https://documentation.sailpoint.com/saas/help/workflows/index.html parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow steps content: application/json: schema: type: array items: anyOf: - $ref: '#/components/schemas/WorkflowLibraryAction' - $ref: '#/components/schemas/WorkflowLibraryTrigger' - $ref: '#/components/schemas/WorkflowLibraryOperator' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library/actions: get: operationId: listWorkflowLibraryActions tags: - Workflows summary: List workflow library actions description: This lists the workflow actions available to you. externalDocs: description: Additional documentation for each action url: https://documentation.sailpoint.com/saas/help/workflows/index.html#actions parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* example: id eq "sp:create-campaign" security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow actions content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowLibraryAction' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library/triggers: get: operationId: listWorkflowLibraryTriggers tags: - Workflows summary: List workflow library triggers description: This lists the workflow triggers available to you externalDocs: description: Additional documentation for each trigger url: https://documentation.sailpoint.com/saas/help/workflows/index.html#triggers parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* example: id eq "idn:identity-attributes-changed" security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow triggers content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowLibraryTrigger' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflow-library/operators: get: operationId: listWorkflowLibraryOperators tags: - Workflows summary: List workflow library operators description: This lists the workflow operators available to you security: - userAuth: - sp:workflow:read - sp:workflow:manage responses: '200': description: List of workflow operators content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkflowLibraryOperator' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/{id}/external/oauth-clients: post: operationId: createWorkflowExternalTrigger tags: - Workflows summary: Generate external trigger oauth client description: Create OAuth client ID, client secret, and callback URL for use in an external trigger. External triggers will need this information to generate an access token to authenticate to the callback URL and submit a trigger payload that will initiate the workflow. security: - userAuth: - sp:workflow:manage parameters: - name: id in: path description: Id of the workflow required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b responses: '200': description: The OAuth Client object content: application/json: schema: $ref: '#/components/schemas/WorkflowOAuthClient' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/execute/external/{id}: post: operationId: createExternalExecuteWorkflow tags: - Workflows summary: Execute workflow via external trigger description: This endpoint allows a service outside of IdentityNow to initiate a workflow that uses the "External Trigger" step. The external service will invoke this endpoint with the input data it wants to send to the workflow in the body. security: - userAuth: - sp:workflow-execute:external - applicationAuth: - sp:workflow-execute:external parameters: - name: id in: path description: Id of the workflow required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: false content: application/json: schema: type: object properties: input: type: object description: The input for the workflow example: customAttribute1: value1 customAttribute2: value2 responses: '200': description: The Workflow object content: application/json: schema: type: object properties: workflowExecutionId: type: string description: The workflow execution id example: 0e11cefa-96e7-4b67-90d0-065bc1da5753 message: type: string description: An error message if any errors occurred example: Workflow was not executed externally. Check enabled flag on workflow definition '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workflows/execute/external/{id}/test: post: operationId: testExternalExecuteWorkflow tags: - Workflows summary: Test workflow via external trigger description: Validate a workflow with an "External Trigger" can receive input. The response includes the input that the workflow received, which can be used to validate that the input is intact when it reaches the workflow. security: - userAuth: - sp:workflow-execute:external - applicationAuth: - sp:workflow-execute:external parameters: - name: id in: path description: Id of the workflow required: true style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b requestBody: required: false content: application/json: schema: type: object properties: input: type: object description: The test input for the workflow example: test: hello world responses: '200': description: Responds with the test input content: application/json: schema: type: object properties: payload: type: object description: The input that was received example: test: hello world '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-usages/{sourceId}/status: get: tags: - Source Usages summary: Finds status of source usage description: This API returns the status of the source usage insights setup by IDN source ID. operationId: getStatusBySourceId parameters: - name: sourceId in: path description: ID of IDN source required: true x-sailpoint-resource-operation-id: listSources schema: type: string example: 2c9180835d191a86015d28455b4a2329 security: - userAuth: - idn:identity-history:manage - applicationAuth: - idn:identity-history:manage responses: '200': description: Status of the source usage insights setup by IDN source ID. content: application/json: schema: $ref: '#/components/schemas/SourceUsageStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-usages/{sourceId}/summaries: get: tags: - Source Usages summary: Returns source usage insights description: This API returns a summary of source usage insights for past 12 months. operationId: getUsagesBySourceId parameters: - name: sourceId in: path description: ID of IDN source required: true x-sailpoint-resource-operation-id: listSources schema: type: string example: 2c9180835d191a86015d28455b4a2329 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **date** example: '-date' security: - userAuth: - idn:identity-history:manage - applicationAuth: - idn:identity-history:manage responses: '200': description: Summary of source usage insights for past 12 months. content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceUsage' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /account-usages/{accountId}/summaries: get: tags: - Account Usages summary: Returns account usage insights description: This API returns a summary of account usage insights for past 12 months. operationId: getUsagesByAccountId parameters: - name: accountId in: path description: ID of IDN account required: true x-sailpoint-resource-operation-id: listAccounts schema: type: string example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **date** example: '-date' security: - userAuth: - idn:identity-history:manage - applicationAuth: - idn:identity-history:manage responses: '200': description: Summary of account usage insights for past 12 months. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccountUsage' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-profiles/identity-preview: post: operationId: generateIdentityPreview tags: - Identity Profiles summary: Generate identity profile preview description: This generates a non-persisted IdentityDetails object that will represent as the preview of the identities attribute when the given policy''s attribute config is applied. requestBody: description: Identity Preview request body. required: true content: application/json: schema: $ref: '#/components/schemas/IdentityPreviewRequest' responses: '200': description: Object representing the preview object with all of the identity attributes using the current mappings. content: application/json: schema: $ref: '#/components/schemas/IdentityPreviewResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-profile:manage x-sailpoint-userLevels: - ORG_ADMIN /work-items/{id}/forward: post: operationId: forwardWorkItem tags: - Work Items summary: Forward a work item description: This API forwards a work item to a new owner. Either an admin, or the owning/current user must make this request. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listWorkItems description: The ID of the work item example: ef38f94347e94562b5bb8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WorkItemForward' responses: '200': description: Success, but no data is returned. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/search-attribute-config: post: operationId: createSearchAttributeConfig tags: - Search Attribute Configuration summary: Create extended search attributes security: - userAuth: - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN description: |- Create and configure extended search attributes. This API accepts an attribute name, an attribute display name and a list of name/value pair associates of application IDs to attribute names. It will then validate the inputs and configure/create the attribute promotion configuration in the Link ObjectConfig. >**Note: Give searchable attributes unique names. Do not give them the same names used for account attributes or source attributes. Also, do not give them the same names present in account schema for a current or future source, regardless of whether that source is included in the searchable attributes' `applicationAttributes`.** requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SearchAttributeConfig' example: name: newMailAttribute displayName: New Mail Attribute applicationAttributes: 2c9180866166b5b0016167c32ef31a66: mail 2c9180866166b5b0016167c32ef31a67: mail responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true get: operationId: getSearchAttributeConfig tags: - Search Attribute Configuration summary: List extended search attributes security: - userAuth: - idn:account-config:read - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN description: Get a list of attribute/application attributes currently configured in Identity Security Cloud (ISC). parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of attribute configurations in ISC. content: application/json: schema: type: array items: $ref: '#/components/schemas/SearchAttributeConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/search-attribute-config/{name}: get: operationId: getSingleSearchAttributeConfig tags: - Search Attribute Configuration summary: Get extended search attribute security: - userAuth: - idn:account-config:read - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN description: Get an extended attribute configuration by name. parameters: - name: name in: path description: Name of the extended search attribute configuration to get. required: true schema: type: string example: newMailAttribute - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Specific attribute configuration in IdentityNow. content: application/json: schema: $ref: '#/components/schemas/SearchAttributeConfig' '204': $ref: '#/components/responses/204' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSearchAttributeConfig tags: - Search Attribute Configuration summary: Delete extended search attribute security: - userAuth: - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN description: Delete an extended attribute configuration by name. parameters: - name: name in: path description: Name of the extended search attribute configuration to delete. required: true schema: type: string example: newMailAttribute - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': $ref: '#/components/responses/204' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchSearchAttributeConfig tags: - Search Attribute Configuration summary: Update extended search attribute security: - userAuth: - idn:account-config:manage x-sailpoint-userLevels: - ORG_ADMIN description: |- Update an existing search attribute configuration. You can patch these fields: * name * displayName * applicationAttributes parameters: - name: name in: path description: Name of the search attribute configuration to patch. required: true schema: type: string example: promotedMailAttribute - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /name value: newAttributeName - op: replace path: /displayName value: new attribute display name - op: add path: /applicationAttributes value: 2c91808b79fd2422017a0b35d30f3968: employeeNumber required: true responses: '200': description: Responds with the search attribute configuration as updated. content: application/json: schema: $ref: '#/components/schemas/SearchAttributeConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-model-metadata/attributes: get: summary: List access model metadata attributes description: Get a list of Access Model Metadata Attributes tags: - Access Model Metadata operationId: listAccessModelMetadataAttribute security: - userAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage - applicationAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: query name: filters schema: type: string example: name eq "Privacy" required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **key**: *eq* **name**: *eq* **type**: *eq* **status**: *eq* **objectTypes**: *eq* **Supported composite operators**: *and* - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, key** example: name,-key required: false - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' responses: '200': description: OK content: application/json: schema: type: array items: $ref: '#/components/schemas/AttributeDTO' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-model-metadata/attributes/{key}: get: summary: Get access model metadata attribute description: Get single Access Model Metadata Attribute tags: - Access Model Metadata operationId: getAccessModelMetadataAttribute security: - userAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage - applicationAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: key in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute schema: type: string description: Technical name of the Attribute. example: iscPrivacy responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/AttributeDTO' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-model-metadata/attributes/{key}/values: get: summary: List access model metadata values description: Get a list of Access Model Metadata Attribute Values tags: - Access Model Metadata operationId: listAccessModelMetadataAttributeValue security: - userAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage - applicationAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: key in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute schema: type: string description: Technical name of the Attribute. example: iscPrivacy - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' responses: '200': description: OK content: application/json: schema: type: array items: $ref: '#/components/schemas/AttributeValueDTO' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-model-metadata/attributes/{key}/values/{value}: get: summary: Get access model metadata value description: Get single Access Model Metadata Attribute Value tags: - Access Model Metadata operationId: getAccessModelMetadataAttributeValue security: - userAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage - applicationAuth: - idn:access-model-metadata:read - idn:access-model-metadata:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: key in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute schema: type: string description: Technical name of the Attribute. example: iscPrivacy - name: value in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttributeValue schema: type: string description: Technical name of the Attribute value. example: public responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/AttributeValueDTO' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /access-profiles/bulk-update-requestable: post: operationId: updateAccessProfilesInBulk summary: Update access profile(s) requestable field. tags: - Access Profiles description: |- This API initiates a bulk update of field requestable for one or more Access Profiles. > If any of the indicated Access Profiles is exists in Organization,then those Access Profiles will be added in **updated** list of the response.Requestable field of these Access Profiles marked as **true** or **false**. > If any of the indicated Access Profiles is not does not exists in Organization,then those Access Profiles will be added in **notFound** list of the response. Access Profiles marked as **notFound** will not be updated. A SOURCE_SUBADMIN may only use this API to update Access Profiles which are associated with Sources they are able to administer. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkUpdateRequest' example: - id: 464ae7bf-791e-49fd-b746-06a2e4a89635 requestable: false responses: '207': description: List of updated and not updated Access Profiles. content: application/json: schema: $ref: '#/components/schemas/AccessProfileBulkUpdateResponse' example: - id: 464ae7bf-791e-49fd-b746-06a2e4a89635 status: '201' requestable: false description: Access Profile updated successfully. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '412': $ref: '#/components/responses/412' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:access-profile:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /ai-access-request-recommendations: get: operationId: getAccessRequestRecommendations tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:read - iai:access-request-recommender:manage - applicationAuth: - iai:access-request-recommender:read - iai:access-request-recommender:manage x-sailpoint-userLevels: - Any summary: Identity access request recommendations description: This API returns the access request recommendations for the specified identity. The default identity is *me* which indicates the current user. parameters: - in: query name: identity-id description: Get access request recommendations for an identityId. *me* indicates the current user. schema: type: string default: me required: false example: 2c91808570313110017040b06f344ec9 - in: query name: limit description: Max number of results to return. required: false schema: type: integer format: int32 minimum: 0 maximum: 15 default: 15 example: 15 - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: include-translation-messages description: If *true* it will populate a list of translation messages in the response. schema: type: boolean default: false required: false example: false - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **access.name**: *co* **access.type**: *eq, in* **access.description**: *co, eq, in* required: false example: access.name co "admin" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **access.name, access.type** By default the recommendations are sorted by highest confidence first. required: false example: access.name - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of access request recommendations for the identityId content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestRecommendationItemDetail' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /ai-access-request-recommendations/config: get: operationId: getAccessRequestRecommendationsConfig tags: - IAI Access Request Recommendations security: - userAuth: - iai:configuration:read - iai:configuration:manage - applicationAuth: - iai:configuration:read - iai:configuration:manage x-sailpoint-userLevels: - ORG_ADMIN summary: Get access request recommendations config description: This API returns the configurations for Access Request Recommender for the tenant. parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Configurations for Access Request Recommender for the tenant. content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationConfigDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setAccessRequestRecommendationsConfig tags: - IAI Access Request Recommendations security: - userAuth: - iai:configuration:read - iai:configuration:manage - applicationAuth: - iai:configuration:read - iai:configuration:manage x-sailpoint-userLevels: - ORG_ADMIN summary: Update access request recommendations config description: This API updates the configurations for Access Request Recommender for the tenant. requestBody: description: The desired configurations for Access Request Recommender for the tenant. required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationConfigDto' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Successfully updated configurations for Access Request Recommender for the tenant. content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationConfigDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /ai-access-request-recommendations/ignored-items: post: operationId: addAccessRequestRecommendationsIgnoredItem tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:manage - idn:access-request:manage - applicationAuth: - iai:access-request-recommender:manage - idn:access-request:manage x-sailpoint-userLevels: - Any summary: Ignore access request recommendation description: This API ignores a recommended access request item. Once an item is ignored, it will be marked as ignored=true if it is still a recommended item. The consumer can decide to hide ignored recommendations. requestBody: description: The recommended access item to ignore for an identity. required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationActionItemDto' responses: '201': description: Recommendation successfully stored as ignored. content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationActionItemResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true get: operationId: getAccessRequestRecommendationsIgnoredItems tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:manage - idn:access-request:manage - applicationAuth: - iai:access-request-recommender:manage - idn:access-request:manage x-sailpoint-userLevels: - Any summary: List ignored access request recommendations description: This API returns the list of ignored access request recommendations. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **access.id**: *eq, in* **access.type**: *eq, in* **identityId**: *eq, in* required: false example: identityId eq "2c9180846b0a0583016b299f210c1314" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp** required: false example: access.id - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Returns list of ignored access request recommendations. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestRecommendationActionItemResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /ai-access-request-recommendations/requested-items: post: operationId: addAccessRequestRecommendationsRequestedItem tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:manage - idn:access-request:manage - applicationAuth: - iai:access-request-recommender:manage - idn:access-request:manage x-sailpoint-userLevels: - Any summary: Accept access request recommendation description: This API consumes a notification that a recommended access request item was requested. This API does not actually make the request, it is just a notification. This will help provide feedback in order to improve our recommendations. requestBody: description: The recommended access item that was requested for an identity. required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationActionItemDto' responses: '201': description: Notification successfully acknowledged. content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationActionItemResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true get: operationId: getAccessRequestRecommendationsRequestedItems tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:manage - idn:access-request:manage - applicationAuth: - iai:access-request-recommender:manage - idn:access-request:manage x-sailpoint-userLevels: - Any summary: List accepted access request recommendations description: This API returns a list of requested access request recommendations. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **access.id**: *eq, in* **access.type**: *eq, in* **identityId**: *eq, in* required: false example: access.id eq "2c9180846b0a0583016b299f210c1314" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp** required: false example: access.id - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Returns the list of requested access request recommendations. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestRecommendationActionItemResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /ai-access-request-recommendations/viewed-items: post: operationId: addAccessRequestRecommendationsViewedItem tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:manage - applicationAuth: - iai:access-request-recommender:manage x-sailpoint-userLevels: - Any summary: Mark viewed access request recommendations description: This API consumes a notification that a recommended access request item was viewed. Future recommendations with this item will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations. requestBody: description: The recommended access that was viewed for an identity. required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationActionItemDto' responses: '201': description: Recommendation successfully stored as viewed. content: application/json: schema: $ref: '#/components/schemas/AccessRequestRecommendationActionItemResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true get: operationId: getAccessRequestRecommendationsViewedItems tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:read - iai:access-request-recommender:manage - idn:access-request:manage - applicationAuth: - iai:access-request-recommender:read - iai:access-request-recommender:manage - idn:access-request:manage x-sailpoint-userLevels: - Any summary: List viewed access request recommendations description: This API returns the list of viewed access request recommendations. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **access.id**: *eq, in* **access.type**: *eq, in* **identityId**: *eq, in* required: false example: access.id eq "2c9180846b0a0583016b299f210c1314" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp** required: false example: access.id - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Returns list of viewed access request recommendations. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestRecommendationActionItemResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /ai-access-request-recommendations/viewed-items/bulk-create: post: operationId: addAccessRequestRecommendationsViewedItems tags: - IAI Access Request Recommendations security: - userAuth: - iai:access-request-recommender:manage - applicationAuth: - iai:access-request-recommender:manage x-sailpoint-userLevels: - Any summary: Bulk mark viewed access request recommendations description: This API consumes a notification that a set of recommended access request item were viewed. Future recommendations with these items will be marked with viewed=true. This can be useful for the consumer to determine if there are any new/unviewed recommendations. requestBody: description: The recommended access items that were viewed for an identity. required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestRecommendationActionItemDto' responses: '201': description: Recommendations successfully stored as viewed. content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessRequestRecommendationActionItemResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /auth-profiles: get: operationId: getProfileConfigList tags: - Auth Profile summary: Get list of auth profiles description: This API returns a list of auth profiles. security: - userAuth: - sp:auth-profile:read responses: '200': description: List of Auth Profiles content: application/json: schema: type: array items: $ref: '#/components/schemas/AuthProfileSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /auth-profiles/{id}: get: operationId: getProfileConfig tags: - Auth Profile summary: Get auth profile description: This API returns auth profile information. security: - userAuth: - sp:auth-profile:read responses: '200': description: Auth Profile content: application/json: schema: $ref: '#/components/schemas/AuthProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true - name: id in: path description: ID of the Auth Profile to patch. required: true x-sailpoint-resource-operation-id: getProfileConfigList schema: type: string example: 2c91808a7813090a017814121919ecca patch: operationId: patchProfileConfig tags: - Auth Profile summary: Patch a specified auth profile description: |- This API updates an existing Auth Profile. The following fields are patchable: **offNetwork**, **untrustedGeography**, **applicationId**, **applicationName**, **type** parameters: - name: id in: path description: ID of the Auth Profile to patch. required: true x-sailpoint-resource-operation-id: getProfileConfigList schema: type: string example: 2c91808a7813090a017814121919ecca - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' required: true responses: '200': description: Responds with the Auth Profile as updated. content: application/json: schema: $ref: '#/components/schemas/AuthProfile' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:auth-profile:update /custom-password-instructions: post: operationId: createCustomPasswordInstructions tags: - Custom Password Instructions summary: Create custom password instructions security: - userAuth: [] x-sailpoint-userLevels: - ORG_ADMIN description: This API creates the custom password instructions for the specified page ID. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CustomPasswordInstruction' example: pageId: reset-password:enter-password pageContent: See company password policies for details by clicking here responses: '200': description: Reference to the custom password instructions. content: application/json: schema: $ref: '#/components/schemas/CustomPasswordInstruction' example: pageId: reset-password:enter-password locale: default pageContent: See company password policies for details by clicking here '400': $ref: '#/components/responses/400' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /custom-password-instructions/{pageId}: get: operationId: getCustomPasswordInstructions tags: - Custom Password Instructions summary: Get custom password instructions by page id security: - userAuth: [] x-sailpoint-userLevels: - ORG_ADMIN description: This API returns the custom password instructions for the specified page ID. parameters: - in: path name: pageId schema: type: string enum: - change-password:enter-password - change-password:finish - flow-selection:select - forget-username:user-email - mfa:enter-code - mfa:enter-kba - mfa:select - reset-password:enter-password - reset-password:enter-username - reset-password:finish - unlock-account:enter-username - unlock-account:finish required: true description: The page ID of custom password instructions to query. example: mfa:select - in: query name: locale schema: type: string description: The locale for the custom instructions, a BCP47 language tag. The default value is \"default\". - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Reference to the custom password instructions. content: application/json: schema: $ref: '#/components/schemas/CustomPasswordInstruction' example: pageId: reset-password:enter-password locale: default pageContent: See company password policies for details by clicking here '400': $ref: '#/components/responses/400' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' delete: operationId: deleteCustomPasswordInstructions tags: - Custom Password Instructions summary: Delete custom password instructions by page id security: - userAuth: [] x-sailpoint-userLevels: - ORG_ADMIN description: This API delete the custom password instructions for the specified page ID. parameters: - in: path name: pageId schema: type: string enum: - change-password:enter-password - change-password:finish - flow-selection:select - forget-username:user-email - mfa:enter-code - mfa:enter-kba - mfa:select - reset-password:enter-password - reset-password:enter-username - reset-password:finish - unlock-account:enter-username - unlock-account:finish required: true description: The page ID of custom password instructions to delete. example: mfa:select - in: query name: locale schema: type: string description: The locale for the custom instructions, a BCP47 language tag. The default value is \"default\". - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' /entitlements: get: operationId: listEntitlements tags: - Entitlements summary: Gets a list of entitlements. security: - userAuth: - idn:entitlement:read - idn:entitlement:manage - applicationAuth: - idn:entitlement:read - idn:entitlement:manage x-sailpoint-userLevels: - Any description: |- This API returns a list of entitlements. This API can be used in one of the two following ways: either getting entitlements for a specific **account-id**, or getting via use of **filters** (those two options are exclusive). Any authenticated token can call this API. parameters: - in: query name: account-id schema: type: string description: The account ID. If specified, returns only entitlements associated with the given Account. Cannot be specified with the **filters**, **segmented-for-identity**, **for-segment-ids**, or **include-unsegmented** param(s). example: ef38f94347e94562b5bb8424a56397d8 required: false - in: query name: segmented-for-identity schema: type: string description: |- If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. Cannot be specified with the **account-id** or **for-segment-ids** param(s). It is also illegal to specify a value that refers to a different user's Identity. example: e554098913544630b5985e9042f5e44b required: false - in: query name: for-segment-ids schema: type: string format: comma-separated description: |- If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. Cannot be specified with the **account-id** or **segmented-for-identity** param(s). example: 041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649 required: false - in: query name: include-unsegmented schema: type: boolean default: true description: Whether or not the response list should contain unsegmented Entitlements. If **for-segment-ids** and **segmented-for-identity** are both absent or empty, specifying **include-unsegmented=false** results in an error. example: true required: false - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id, requestable** example: name,-modified required: false style: form explode: true - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, sw* **type**: *eq, in* **attribute**: *eq, in* **value**: *eq, in, sw* **source.id**: *eq, in* **requestable**: *eq* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* example: attribute eq "memberOf" required: false style: form explode: true responses: '200': description: List of entitlements content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /entitlements/{id}: get: operationId: getEntitlement tags: - Entitlements summary: Get an entitlement description: This API returns an entitlement by its ID. security: - userAuth: - idn:entitlement:read - idn:entitlement:manage - applicationAuth: - idn:entitlement:read - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listEntitlements description: The entitlement ID example: 2c91808874ff91550175097daaec161c responses: '200': description: An entitlement content: application/json: schema: $ref: '#/components/schemas/Entitlement' example: sourceSchemaObjectType: group attribute: memberOf attributes: GroupType: Security sAMAccountName: LauncherTest1 GroupScope: Global objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}' objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633 cn: LauncherTest1 msDS-PrincipalName: AUTOMATIONAD\LauncherTest1 value: CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local description: some description privileged: false cloudGoverned: false source: type: SOURCE id: 2c9180877504c40e0175097d5ce707c8 name: EndToEnd-ADSource owner: id: 2c9180858315595501831958427e5424 name: Addie Smith type: IDENTITY segments: - 1d126fe0-45e2-4aea-bc64-a07e9344ef26 manuallyUpdatedFields: DISPLAY_NAME: true DESCRIPTION: true id: 2c91808c74ff913f0175097daa9d59cd name: LauncherTest1 created: '2020-10-08T18:33:52.029Z' modified: '2021-01-19T16:53:35.707Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchEntitlement tags: - Entitlements summary: Patch an entitlement description: |- This API updates an existing entitlement using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: **requestable**, **privileged**, **segments**, **owner**, **name**, **description**, and **manuallyUpdatedFields** When you're patching owner, only owner type and owner id must be provided. Owner name is optional, and it won't be modified. If the owner name is provided, it should correspond to the real name. The only owner type currently supported is IDENTITY. security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN parameters: - name: id in: path description: ID of the entitlement to patch required: true x-sailpoint-resource-operation-id: listEntitlements schema: type: string example: 2c91808a7813090a017814121e121518 requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /requestable value: true examples: Make an entitlement requestable and privileged in one call: description: This example shows how multiple fields may be updated with a single patch call. value: - op: replace path: /requestable value: true - op: replace path: /privileged value: true Assign an entitlement to a segment: description: This example shows how to use patch to assign an entitlement to a segment by adding the segment's ID to the entitlement's segments array. value: - op: add path: /segments/- value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19 Assign an owner to an entitlement: description: This example shows how to use patch to assign an owner to an entitlement by adding the owner's info to the entitlement. value: - op: add path: /owner value: type: IDENTITY id: 2c9180858315595501831958427e5424 Replace an owner for an entitlement: description: This example shows how to use patch to replace an entitlement's owner by replacing the owner's info to the entitlement. value: - op: replace path: /owner value: type: IDENTITY id: 2c9180858315595501831958427e5424 Set entitlement manually updated fields: description: 'This example shows how to set an entitlement''s manually updated fields values with patch request. Values for all manually updateable fields must be specified in the request. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.' value: - op: replace path: /manuallyUpdatedFields value: DISPLAY_NAME: true DESCRIPTION: true Add the description for an entitlement: description: This example shows how to use patch to add a description for the entitlement. value: - op: add path: /description value: new description for the entitlement Update the name for an entitlement: description: This example shows how to use patch to update an entitlement's name. value: - op: replace path: /name value: entitlement new name responses: '200': description: Responds with the entitlement as updated. content: application/json: schema: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /entitlements/{id}/parents: get: operationId: listEntitlementParents tags: - Entitlements summary: List of entitlements parents description: This API returns a list of all parent entitlements of a given entitlement. security: - userAuth: - idn:entitlement:read - idn:entitlement:manage - applicationAuth: - idn:entitlement:read - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listEntitlements description: Entitlement Id example: 2c91808c74ff913f0175097daa9d59cd - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id** example: name,-modified required: false style: form explode: true - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, sw* **type**: *eq, in* **attribute**: *eq, in* **value**: *eq, in, sw* **source.id**: *eq, in* **requestable**: *eq* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* example: attribute eq "memberOf" required: false style: form explode: true responses: '200': description: List of entitlements parents from an entitlement content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' example: - sourceSchemaObjectType: group attribute: memberOf attributes: GroupType: Security sAMAccountName: LauncherTest1 GroupScope: Global objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}' objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633 cn: LauncherTest1 msDS-PrincipalName: AUTOMATIONAD\LauncherTest1 value: CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local description: some description privileged: false cloudGoverned: false source: type: SOURCE id: 2c9180877504c40e0175097d5ce707c8 name: EndToEnd-ADSource owner: id: 2a2fdacca5e345f18bf7970cfbb8fec2 name: identity 1 type: IDENTITY segments: - 1d126fe0-45e2-4aea-bc64-a07e9344ef26 manuallyUpdatedFields: DISPLAY_NAME: true DESCRIPTION: true id: 2c91808c74ff913f0175097daa9d59cd name: LauncherTest1 created: '2020-10-08T18:33:52.029Z' modified: '2021-01-19T16:53:35.707Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /entitlements/{id}/children: get: operationId: listEntitlementChildren tags: - Entitlements summary: List of entitlements children description: This API returns a list of all child entitlements of a given entitlement. security: - userAuth: - idn:entitlement:read - idn:entitlement:manage - applicationAuth: - idn:entitlement:read - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listEntitlements description: Entitlement Id example: 2c91808874ff91550175097daaec161c - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, type, attribute, value, source.id** example: name,-modified required: false style: form explode: true - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, sw* **type**: *eq, in* **attribute**: *eq, in* **value**: *eq, in, sw* **source.id**: *eq, in* **requestable**: *eq* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* example: attribute eq "memberOf" required: false style: form explode: true responses: '200': description: List of entitlements children from an entitlement content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' example: - sourceSchemaObjectType: group attribute: memberOf attributes: GroupType: Security sAMAccountName: LauncherTest1 GroupScope: Global objectguid: '{01a6e70b-9705-4155-a5c6-492a9bcc8c64}' objectSid: S-1-5-21-3585869415-1648031554-2909195034-1633 cn: LauncherTest1 msDS-PrincipalName: AUTOMATIONAD\LauncherTest1 value: CN=LauncherTest1,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local description: some description privileged: false cloudGoverned: false source: type: SOURCE id: 2c9180877504c40e0175097d5ce707c8 name: EndToEnd-ADSource owner: id: 2a2fdacca5e345f18bf7970cfbb8fec2 name: identity 1 type: IDENTITY segments: - 1d126fe0-45e2-4aea-bc64-a07e9344ef26 manuallyUpdatedFields: DISPLAY_NAME: true DESCRIPTION: true id: 2c91808c74ff913f0175097daa9d59cd name: LauncherTest1 created: '2020-10-08T18:33:52.029Z' modified: '2021-01-19T16:53:35.707Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /entitlements/bulk-update: post: operationId: updateEntitlementsInBulk tags: - Entitlements summary: Bulk update an entitlement list security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN description: | This API applies an update to every entitlement of the list. The number of entitlements to update is limited to 50 items maximum. The JsonPatch update follows the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. examples of allowed operations : `**{ "op": "replace", "path": "/privileged", "value": boolean }**` `**{ "op": "replace", "path": "/requestable","value": boolean }**` A token with ORG_ADMIN or API authority is required to call this API. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/EntitlementBulkUpdateRequest' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /entitlements/{id}/entitlement-request-config: get: operationId: getEntitlementRequestConfig tags: - Entitlements summary: Get entitlement request config description: This API returns the entitlement request config for a specified entitlement. security: - userAuth: - idn:entitlement:read - idn:entitlement:manage - applicationAuth: - idn:entitlement:read - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_SUBADMIN - SOURCE_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listEntitlements description: Entitlement Id example: 2c91808874ff91550175097daaec161c responses: '200': description: An Entitlement Request Config content: application/json: schema: $ref: '#/components/schemas/EntitlementRequestConfig' example: accessRequestConfig: requestCommentRequired: true denialCommentRequired: true reauthorizationRequired: false approvalSchemes: - approverType: ENTITLEMENT_OWNER approverId: null - approverType: SOURCE_OWNER approverId: null - approverType: MANAGER approverId: null - approverType: GOVERNANCE_GROUP approverId: 46c79819-a69f-49a2-becb-12c971ae66c6 revocationRequestConfig: approvalSchemes: - approverType: ENTITLEMENT_OWNER approverId: null - approverType: SOURCE_OWNER approverId: null - approverType: MANAGER approverId: null - approverType: GOVERNANCE_GROUP approverId: 46c79819-a69f-49a2-becb-12c971ae66c6 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putEntitlementRequestConfig tags: - Entitlements summary: Replace entitlement request config description: This API replaces the entitlement request config for a specified entitlement. security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_SUBADMIN - SOURCE_ADMIN parameters: - name: id in: path description: Entitlement ID required: true x-sailpoint-resource-operation-id: listEntitlements schema: type: string example: 2c91808a7813090a017814121e121518 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/EntitlementRequestConfig' responses: '200': description: Responds with the entitlement request config as updated. content: application/json: schema: $ref: '#/components/schemas/EntitlementRequestConfig' example: accessRequestConfig: requestCommentRequired: true denialCommentRequired: true approvalSchemes: - approverType: ENTITLEMENT_OWNER approverId: null - approverType: SOURCE_OWNER approverId: null - approverType: MANAGER approverId: null - approverType: GOVERNANCE_GROUP approverId: 46c79819-a69f-49a2-becb-12c971ae66c6 revocationRequestConfig: approvalSchemes: - approverType: ENTITLEMENT_OWNER approverId: null - approverType: SOURCE_OWNER approverId: null - approverType: MANAGER approverId: null - approverType: GOVERNANCE_GROUP approverId: 46c79819-a69f-49a2-becb-12c971ae66c6 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /entitlements/reset/sources/{id}: post: operationId: resetSourceEntitlements tags: - Entitlements summary: Reset source entitlements description: |- Remove all entitlements from a specific source. To reload the accounts along with the entitlements you removed, you must run an unoptimized aggregation. To do so, use [Account Aggregation](https://developer.sailpoint.com/docs/api/v2024/import-accounts/) with `disableOptimization` = `true`. parameters: - name: id in: path description: ID of source for the entitlement reset required: true x-sailpoint-resource-operation-id: listSources schema: type: string example: 2c91808a7813090a017814121919ecca responses: '202': description: Entitlement source reset task result content: application/json: schema: $ref: '#/components/schemas/EntitlementSourceResetBaseReferenceDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN /entitlements/{id}/access-model-metadata/{attributeKey}/values/{attributeValue}: post: summary: Add metadata to an entitlement. description: Add single Access Model Metadata to an entitlement. tags: - Entitlements operationId: createAccessModelMetadataForEntitlement security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path required: true x-sailpoint-resource-operation-id: listEntitlements schema: type: string description: The entitlement id. example: 2c91808c74ff913f0175097daa9d59cd - name: attributeKey in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute schema: type: string description: Technical name of the Attribute. example: iscPrivacy - name: attributeValue in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttributeValue schema: type: string description: Technical name of the Attribute Value. example: public responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: summary: Remove metadata from an entitlement. description: Remove single Access Model Metadata from an entitlement. tags: - Entitlements operationId: deleteAccessModelMetadataFromEntitlement security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: id in: path required: true x-sailpoint-resource-operation-id: listEntitlements schema: type: string description: The entitlement id. example: 2c91808c74ff913f0175097daa9d59cd - name: attributeKey in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttribute schema: type: string description: Technical name of the Attribute. example: iscPrivacy - name: attributeValue in: path required: true x-sailpoint-resource-operation-id: listAccessModelMetadataAttributeValue schema: type: string description: Technical name of the Attribute Value. example: public responses: '200': description: OK '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /entitlements/aggregate/sources/{id}: post: tags: - Entitlements summary: Aggregate entitlements deprecated: true operationId: importEntitlementsBySource description: |- Starts an entitlement aggregation on the specified source. Though this endpoint has been deprecated, you can find its Beta equivalent [here](https://developer.sailpoint.com/docs/api/beta/import-entitlements). If the target source is a direct connection, then the request body must be empty. You will also need to make sure the Content-Type header is not set. If you set the Content-Type header without specifying a body, then you will receive a 500 error. If the target source is a delimited file source, then the CSV file needs to be included in the request body. You will also need to set the Content-Type header to `multipart/form-data`. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source Id example: ef38f94347e94562b5bb8424a56397d8 requestBody: content: multipart/form-data: schema: type: object properties: csvFile: type: string format: binary description: The CSV file containing the source entitlements to aggregate. responses: '202': description: Aggregate Entitlements Task content: application/json: schema: $ref: '#/components/schemas/LoadEntitlementTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN /entitlements/identities/{id}/entitlements: get: operationId: listEntitlementsByIdentity tags: - Identities summary: List of entitlements by identity. description: The API returns a list of all entitlements assigned to an identity, either directly or through the role or access profile. A token with ORG_ADMIN or API authority is required to call this API. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: path name: id schema: type: string required: true description: Identity Id example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listIdentities responses: '200': description: List of all Entitlements for given Identity content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityEntitlements' example: - type: ENTITLEMENT id: 2c918087682f9a86016839c050861ab1 name: CN=Information Access,OU=test,OU=test-service,DC=TestAD,DC=local - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 name: CN=Information Technology,OU=test,OU=test-service,DC=TestAD,DC=local - type: ENTITLEMENT id: 2c9180886bd256ae016bd2593fe5009e name: CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:entitlement:read /generate-password-reset-token/digit: post: operationId: createDigitToken security: - userAuth: - idn:password-digit-token:create - applicationAuth: - idn:password-digit-token:create summary: Generate a digit token tags: - Password Management description: This API is used to generate a digit token for password management. Requires authorization scope of "idn:password-digit-token:create". requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PasswordDigitTokenReset' example: userId: Abby.Smith length: 8 durationMinutes: 5 responses: '200': description: The digit token for password management. content: application/json: schema: $ref: '#/components/schemas/PasswordDigitToken' example: digitToken: 9087713 requestId: e1267ecd-fcd9-4c73-9c55-12555efad136 '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /historical-identities: get: operationId: listHistoricalIdentities summary: Lists all the identities description: This gets the list of identities for the customer. This list end point does not support count=true request param. The total count of identities would never be returned even if the count param is specified in the request Requires authorization scope of 'idn:identity-history:read' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage tags: - Identity History parameters: - in: query name: starts-with-query schema: type: string description: This param is used for starts-with search for first, last and display name of the identity example: Ada - in: query name: is-deleted schema: type: boolean description: Indicates if we want to only list down deleted identities or not. example: true - in: query name: is-active schema: type: boolean description: Indicates if we want to only list active or inactive identities. example: true - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of identities for the customer. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityListItem' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /historical-identities/{id}: get: operationId: getHistoricalIdentity tags: - Identity History summary: Get latest snapshot of identity description: This method retrieves a specified identity Requires authorization scope of 'idn:identity-history:read' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The identity object. content: application/json: schema: $ref: '#/components/schemas/IdentityHistoryResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /historical-identities/{id}/access-items: get: operationId: listIdentityAccessItems tags: - Identity History summary: List access items by identity security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK - REPORT_ADMIN description: | This method retrieves a list of access item for the identity filtered by the access item type parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: type schema: type: string enum: - account - entitlement - app - accessProfile - role required: false description: The type of access item for the identity. If not provided, it defaults to account example: account - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/offset' responses: '200': description: The list of access items. content: application/json: schema: type: array items: anyOf: - $ref: '#/components/schemas/AccessItemEntitlementResponse' - $ref: '#/components/schemas/AccessItemAccessProfileResponse' - $ref: '#/components/schemas/AccessItemAccountResponse' - $ref: '#/components/schemas/AccessItemRoleResponse' - $ref: '#/components/schemas/AccessItemAppResponse' examples: Access Profile: description: An access profile response value: - accessType: accessProfile id: 2c918087763e69d901763e72e97f006f name: sample sourceName: DataScienceDataset sourceId: 2793o32dwd description: AccessProfile - Workday/Citizenship access displayName: Dr. Arden Rogahn MD entitlementCount: 12 appDisplayName: AppName Account: description: An account response value: - accessType: account id: 2c918087763e69d901763e72e97f006f nativeIdentity: dr.arden.ogahn.d sourceName: DataScienceDataset sourceId: 2793o32dwd entitlementCount: 12 displayName: Dr. Arden Rogahn MD App: description: An app response value: - accessType: app id: 2c918087763e69d901763e72e97f006f name: appName Entitlement: description: An entitlement event value: - accessType: entitlement id: 2c918087763e69d901763e72e97f006f attribute: groups value: Upward mobility access type: group sourceName: DataScienceDataset sourceId: 2793o32dwd description: Entitlement - Workday/Citizenship access displayName: Dr. Arden Rogahn MD Role: description: A role response value: - accessType: role id: 2c918087763e69d901763e72e97f006f name: sample description: Role - Workday/Citizenship access '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /historical-identities/{id}/snapshots: get: operationId: listIdentitySnapshots tags: - Identity History summary: Lists all the snapshots for the identity description: 'This method retrieves all the snapshots for the identity Requires authorization scope of ''idn:identity-history:read'' ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: start schema: type: string description: The specified start date example: '2007-03-01T13:00:00Z' - in: query name: interval schema: type: string enum: - day - month description: The interval indicating the range in day or month for the specified interval-name - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A list of identity summary for each snapshot. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentitySnapshotSummaryResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage /historical-identities/{id}/snapshot-summary: get: operationId: getIdentitySnapshotSummary tags: - Identity History summary: Gets the summary for the event count for a specific identity description: 'This method gets the summary for the event count for a specific identity by month/day Requires authorization scope of ''idn:identity-history:read'' ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: before schema: type: string description: The date before which snapshot summary is required example: '2007-03-01T13:00:00Z' - in: query name: interval schema: type: string enum: - day - month description: The interval indicating day or month. Defaults to month if not specified - in: query name: time-zone schema: type: string description: The time zone. Defaults to UTC if not provided example: UTC - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A summary list of identity changes in date histogram format. content: application/json: schema: type: array items: $ref: '#/components/schemas/MetricResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage /historical-identities/{id}/snapshots/{date}: get: operationId: getIdentitySnapshot tags: - Identity History summary: Gets an identity snapshot at a given date description: 'This method retrieves a specified identity snapshot at a given date Requires authorization scope of ''idn:identity-history:read'' ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: path name: date schema: type: string description: The specified date example: '2007-03-01T13:00:00Z' required: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The identity object. content: application/json: schema: $ref: '#/components/schemas/IdentityHistoryResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage /historical-identities/{id}/snapshots/{date}/access-items: get: operationId: listIdentitySnapshotAccessItems tags: - Identity History summary: Gets the list of identity access items at a given date filterd by item type description: 'This method retrieves the list of identity access items at a given date filterd by item type Requires authorization scope of ''idn:identity-history:read'' ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: path name: date schema: type: string required: true description: The specified date example: '2007-03-01T13:00:00Z' - in: query name: type schema: type: string description: The access item type example: account - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The identity object. content: application/json: schema: type: array items: oneOf: - $ref: '#/components/schemas/AccessItemAccessProfileResponse' - $ref: '#/components/schemas/AccessItemAccountResponse' - $ref: '#/components/schemas/AccessItemAppResponse' - $ref: '#/components/schemas/AccessItemEntitlementResponse' - $ref: '#/components/schemas/AccessItemRoleResponse' examples: Access Item AccessProfile Response: description: An access profile response value: - type: accessProfile id: 2c918087763e69d901763e72e97f006f name: sample sourceName: DataScienceDataset sourceId: 2793o32dwd description: AccessProfile - Workday/Citizenship access displayName: Dr. Arden Rogahn MD entitlementCount: 12 appDisplayName: AppName Access Item Account Response: description: An account response value: - type: account id: 2c918087763e69d901763e72e97f006f nativeIdentity: dr.arden.ogahn.d sourceName: DataScienceDataset sourceId: 2793o32dwd entitlementCount: 12 displayName: Dr. Arden Rogahn MD Access Item App Response: description: An app response value: - type: app id: 2c918087763e69d901763e72e97f006f name: appName Access Item Entitlement Response: description: An entitlement event value: - type: entitlement id: 2c918087763e69d901763e72e97f006f attribute: groups value: Upward mobility access entitlementType: entitlement sourceName: DataScienceDataset sourceId: 2793o32dwd description: Entitlement - Workday/Citizenship access displayName: Dr. Arden Rogahn MD Access Item Role Response: description: A role response value: - type: role id: 2c918087763e69d901763e72e97f006f name: sample description: Role - Workday/Citizenship access '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage /common-access: get: operationId: getCommonAccess summary: Get a paginated list of common access tags: - IAI Common Access description: This endpoint returns the current common access for a customer. The returned items can be filtered and sorted. Requires authorization scope of iai:access-modeling:read parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **status**: *eq, sw* **reviewedByUser** *eq* **access.id**: *eq, sw* **access.type**: *eq* **access.name**: *sw, eq* **access.description**: *sw, eq* example: access.type eq "ROLE" required: false style: form explode: true schema: type: string - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **access.name, status** By default the common access items are sorted by name, ascending. example: access.name - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of common access for a customer. content: application/json: schema: type: array items: $ref: '#/components/schemas/CommonAccessResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage post: operationId: createCommonAccess summary: Create common access items tags: - IAI Common Access description: This API is used to add roles/access profiles to the list of common access for a customer. Requires authorization scope of iai:access-modeling:create requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CommonAccessItemRequest' responses: '202': description: Returns details of the common access classification request. content: application/json: schema: $ref: '#/components/schemas/CommonAccessItemResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:manage /common-access/update-status: post: operationId: updateCommonAccessStatusInBulk summary: Bulk update common access status tags: - IAI Common Access description: This submits an update request to the common access application. At this time there are no parameters. Requires authorization scope of iai:access-modeling:update requestBody: description: Confirm or deny in bulk the common access ids that are (or aren't) common access required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/CommonAccessIDStatus' responses: '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:manage /historical-identities/{id}/events: get: operationId: getHistoricalIdentityEvents tags: - Identity History summary: List identity event history description: 'This method retrieves all access events for the identity Requires authorization scope of ''idn:identity-history:read'' ' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: from schema: type: string required: false description: The optional instant until which access events are returned example: '2024-03-01T13:00:00Z' - in: query name: eventTypes schema: type: array items: type: string required: false description: An optional list of event types to return. If null or empty, all events are returned example: - AccessAddedEvent - AccessRemovedEvent - in: query name: accessItemTypes schema: type: array items: type: string required: false description: An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned example: - entitlement - account - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The list of events for the identity content: application/json: schema: type: array items: anyOf: - $ref: '#/components/schemas/IdentityCertified' - $ref: '#/components/schemas/AccessItemAssociated' - $ref: '#/components/schemas/AccessItemRemoved' - $ref: '#/components/schemas/AttributesChanged' - $ref: '#/components/schemas/AccessRequested' - $ref: '#/components/schemas/AccountStatusChanged' examples: AccessItemAssociated: description: An Access item associated event value: - accessItem: id: 8c190e6787aa4ed9a90bd9d5344523fb accessType: account nativeIdentity: 127999 sourceName: JDBC Entitlements Source entitlementCount: 0 displayName: Sample Name eventType: AccessItemAssociated identityId: 8a80828f643d484f01643e14202e206f dt: '2019-03-08T22:37:33.901Z' governanceEvent: name: Access Request 58 dt: '2019-03-08T22:37:33.901Z' type: accessRequest governanceId: 2c91808a77ff216301782327a50f09e1 owners: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow reviewers: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow decisionMaker: id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow AccessItemRemoved: description: An Access item removed event value: - accessItem: id: 8c190e6787aa4ed9a90bd9d5344523fb accessType: account nativeIdentity: 127999 sourceName: JDBC Entitlements Source entitlementCount: 0 displayName: Sample Name eventType: AccessItemRemoved identityId: 8a80828f643d484f01643e14202e206f dt: '2019-03-08T22:37:33.901Z' governanceEvent: name: Manager Certification for Jon Snow dt: '2019-03-08T22:37:33.901Z' type: certification governanceId: 2c91808a77ff216301782327a50f09bf owners: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow reviewers: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow decisionMaker: id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow AttributesChanged: description: An attribute changed event value: - attributeChanges: - name: firstname previousValue: adam newValue: zampa eventType: AttributesChanged identityId: 8a80828f643d484f01643e14202e206f dt: '2019-03-08T22:37:33.901Z' AccessRequested: description: An access requested event value: accessRequest: requesterId: 2c91808a77ff216301782327a50f09bf requestName: Bing C items: - operation: Add accessItemType: role name: Role-1 decision: APPROVED description: The role descrition sourceId: 8a80828f643d484f01643e14202e206f sourceName: Source1 approvalInfos: - name: John Snow id: 8a80828f643d484f01643e14202e2000 status: Approved eventType: AccessRequested identityId: 8a80828f643d484f01643e14202e206f dt: '2019-03-08T22:37:33.901Z' IdentityCertified: description: An identity certified event value: - certification: id: 2c91808a77ff216301782327a50f09bf name: Cert name signedDate: '2019-03-08T22:37:33.901Z' certifiers: - id: 8a80828f643d484f01643e14202e206f displayName: John Snow reviewers: - id: 8a80828f643d484f01643e14202e206f displayName: Daenerys Targaryen signer: id: 8a80828f643d484f01643e14202e206f displayName: Tyrion Lannister eventType: IdentityCertified identityId: 8a80828f643d484f01643e14202e206f dt: '2019-03-08T22:37:33.901Z' AccountStatusChanged: description: An account status changed event value: - account: id: 2c91808a77ff216301782327a50f09bf nativeIdentity: 127999 displayName: Sample Name sourceId: 8a80828f643d484f01643e14202e206f sourceName: JDBC Entitlements Source entitlementCount: 0 accessType: account statusChange: previousStatus: ENABLED newStatus: DISABLED eventType: AccountStatusChanged identityId: 8a80828f643d484f01643e14202e206f dt: '2019-03-08T22:37:33.901Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /historical-identities/{id}/start-date: get: operationId: getIdentityStartDate tags: - Identity History summary: Gets the start date of the identity description: 'This method retrieves start date of the identity Requires authorization scope of ''idn:identity-history:read'' ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The start date of the identity content: application/json: schema: type: string example: '2017-03-01T13:00:00.000Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage /historical-identities/{id}/compare: get: operationId: compareIdentitySnapshots tags: - Identity History summary: Gets a difference of count for each access item types for the given identity between 2 snapshots description: 'This method gets a difference of count for each access item types for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: query name: snapshot1 schema: type: string description: The snapshot 1 of identity example: '2007-03-01T13:00:00Z' - in: query name: snapshot2 schema: type: string description: The snapshot 2 of identity example: '2008-03-01T13:00:00Z' - in: query name: accessItemTypes schema: type: array items: type: string description: 'An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned ' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A IdentityCompare object with difference details for each access item type content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityCompareResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage /historical-identities/{id}/compare/{access-type}: get: operationId: compareIdentitySnapshotsAccessType tags: - Identity History summary: Gets a list of differences of specific accesstype for the given identity between 2 snapshots description: 'This method gets a list of differences of specific accessType for the given identity between 2 snapshots Requires authorization scope of ''idn:identity-history:read'' ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listHistoricalIdentities description: The identity id example: 8c190e6787aa4ed9a90bd9d5344523fb - in: path name: accessType schema: type: string enum: - accessProfile - account - app - entitlement - role required: true description: The specific type which needs to be compared example: role - in: query name: access-associated schema: type: boolean description: Indicates if added or removed access needs to be returned. true - added, false - removed, null - both added & removed example: '2007-03-01T13:00:00Z' - in: query name: snapshot1 schema: type: string description: The snapshot 1 of identity example: '2008-03-01T13:00:00Z' - in: query name: snapshot2 schema: type: string description: The snapshot 2 of identity example: '2009-03-01T13:00:00Z' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A list of events for the identity content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessItemDiff' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:identity-history:read - idn:identity-history:manage - applicationAuth: - idn:identity-history:read - idn:identity-history:manage /identities/{identityId}/synchronize-attributes: post: operationId: synchronizeAttributesForIdentity tags: - Identities summary: Attribute synchronization for single identity. security: - userAuth: [] - applicationAuth: [] x-sailpoint-userLevels: - ORG_ADMIN description: This end-point performs attribute synchronization for a selected identity. The endpoint can be called once in 10 seconds per identity. parameters: - in: path name: identityId schema: type: string required: true x-sailpoint-resource-operation-id: listIdentities description: The Identity id - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '202': description: An Identity Sync job content: application/json: schema: $ref: '#/components/schemas/IdentitySyncJob' example: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3dfc status: IN_PROGRESS payload: type: SYNCHRONIZE_IDENTITY_ATTRIBUTES dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identities/invite: post: operationId: startIdentitiesInvite tags: - Identities summary: Invite identities to register description: | This API submits a task for inviting given identities via email to complete registration. The invitation email will include the link. After selecting the link an identity will be able to set up password and log in into the system. Invitations expire after 7 days. By default invitations send to the work identity email. It can be changed in Admin > Identities > Identity Profiles by selecting corresponding profile and editing Invitation Options. This task will send an invitation email only for unregistered identities. The executed task status can be checked by Task Management > [Get task status by ID](https://developer.sailpoint.com/docs/api/beta/get-task-status). externalDocs: description: Learn more about inviting identities here url: https://documentation.sailpoint.com/saas/help/common/users/inviting_users.html security: - userAuth: - idn:password-user-invite:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/InviteIdentitiesRequest' responses: '202': description: Responds with an initial TaskStatus for the executed task content: application/json: schema: $ref: '#/components/schemas/TaskStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /identities/{id}/verification/account/send: post: operationId: sendIdentityVerificationAccountToken tags: - Identities summary: Send password reset email description: | This API sends an email with the link to start Password Reset. After selecting the link an identity will be able to set up a new password. Emails expire after 2 hours. x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true - in: path name: id schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: listIdentities description: Identity ID example: ef38f94347e94562b5bb8424a56397d8 requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SendAccountVerificationRequest' responses: '200': description: The email was successfully sent '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:password:user-invite /identities/process: post: operationId: startIdentityProcessing tags: - Identities summary: Process a list of identityids description: |- This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of [event-based processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#event-based-processing) and [scheduled processing](https://documentation.sailpoint.com/saas/help/setup/identity_processing.html?h=process#scheduled-processing) that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized. This endpoint will perform the following tasks: 1. Calculate identity attributes, including applying or running any rules or transforms (e.g. calculate Lifecycle State at a point-in-time it's expected to change). 2. Evaluate role assignments, leading to assignment of new roles and removal of existing roles. 3. Enforce provisioning for any assigned accesses that haven't been fulfilled (e.g. failure due to source health). 4. Recalculate manager relationships. 5. Potentially clean-up identity processing errors, assuming the error has been resolved. externalDocs: description: Learn more about manually processing identities here url: https://documentation.sailpoint.com/saas/help/setup/identity_processing.html security: - userAuth: - idn:identity:manage - applicationAuth: - idn:identity:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProcessIdentitiesRequest' responses: '202': description: Object containing the DTO type TASK_RESULT and the job id for the task content: application/json: schema: $ref: '#/components/schemas/TaskResultResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /identity-attributes: get: operationId: listIdentityAttributes tags: - Identity Attributes summary: List identity attributes description: Use this API to get a collection of identity attributes. security: - userAuth: - idn:identity-profile-attribute:read - idn:identity-profile-attribute:manage - applicationAuth: - idn:identity-profile-attribute:read - idn:identity-profile-attribute:manage parameters: - in: query name: includeSystem schema: type: boolean default: false description: Include 'system' attributes in the response. required: false example: false - in: query name: includeSilent schema: type: boolean default: false description: Include 'silent' attributes in the response. required: false example: false - in: query name: searchableOnly schema: type: boolean default: false description: Include only 'searchable' attributes in the response. required: false example: false - $ref: '#/components/parameters/count' responses: '200': description: List of identity attributes. content: application/json: schema: type: array items: $ref: '#/components/schemas/IdentityAttribute-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createIdentityAttribute tags: - Identity Attributes summary: Create identity attribute description: Use this API to create a new identity attribute. security: - userAuth: - idn:identity-profile-attribute:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityAttribute-2' responses: '201': description: The identity attribute was created successfully. content: application/json: schema: $ref: '#/components/schemas/IdentityAttribute-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-attributes/{name}: get: operationId: getIdentityAttribute tags: - Identity Attributes summary: Get identity attribute description: This gets an identity attribute for a given technical name. security: - userAuth: - idn:identity-profile-attribute:read - idn:identity-profile-attribute:manage - applicationAuth: - idn:identity-profile-attribute:read - idn:identity-profile-attribute:manage parameters: - in: path name: name schema: type: string description: The attribute's technical name. required: true x-sailpoint-resource-operation-id: listIdentityAttributes example: displayName responses: '200': description: The identity attribute with the given name content: application/json: schema: $ref: '#/components/schemas/IdentityAttribute-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putIdentityAttribute tags: - Identity Attributes summary: Update identity attribute description: This updates an existing identity attribute. Making an attribute searchable requires that the `system`, `standard`, and `multi` properties be set to false. security: - userAuth: - idn:identity-profile-attribute:manage parameters: - in: path name: name schema: type: string description: The attribute's technical name. required: true x-sailpoint-resource-operation-id: listIdentityAttributes example: displayName requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityAttribute-2' responses: '200': description: The identity attribute was updated successfully content: application/json: schema: $ref: '#/components/schemas/IdentityAttribute-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteIdentityAttribute tags: - Identity Attributes summary: Delete identity attribute description: This deletes an identity attribute with the given name. The `system` and `standard` properties must be set to false before you can delete an identity attribute. security: - userAuth: - idn:identity-profile-attribute:manage parameters: - in: path name: name schema: type: string description: The attribute's technical name. required: true x-sailpoint-resource-operation-id: listIdentityAttributes example: displayName responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /identity-attributes/bulk-delete: delete: operationId: deleteIdentityAttributesInBulk tags: - Identity Attributes summary: Bulk delete identity attributes description: Use this API to bulk delete identity attributes for a given set of names. Attributes that are currently mapped in an identity profile cannot be deleted. The `system` and `standard` properties must be set to 'false' before you can delete an identity attribute. security: - userAuth: - idn:identity-profile-attribute:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityAttributeNames' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /launchers: get: tags: - Launchers summary: List all launchers for tenant description: Return a list of Launchers for the authenticated tenant operationId: getLaunchers parameters: - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **description**: *sw* **disabled**: *eq* **name**: *sw* example: disabled eq "true" required: false schema: type: string - name: next in: query description: Pagination marker required: false schema: type: string example: eyJuZXh0IjoxMjN9Cg== - name: limit in: query description: Number of Launchers to return required: false schema: type: integer format: int32 minimum: 1 maximum: 100 default: 10 example: 42 responses: '200': description: List of Launchers content: application/json: schema: type: object properties: next: type: string description: Pagination marker items: type: array items: $ref: '#/components/schemas/Launcher' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:launcher-admin:read - sp:launcher-user:read x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Launchers summary: Create launcher description: Create a Launcher with given information operationId: createLauncher requestBody: description: Payload to create a Launcher required: true content: application/json: schema: $ref: '#/components/schemas/LauncherRequest' responses: '201': description: Launcher created successfully content: application/json: schema: $ref: '#/components/schemas/Launcher' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:launcher-admin:write x-sailpoint-userLevels: - ORG_ADMIN /launchers/{launcherID}: get: tags: - Launchers summary: Get launcher by id description: Get details for the given Launcher ID operationId: getLauncher parameters: - name: launcherID in: path description: ID of the Launcher to be retrieved required: true x-sailpoint-resource-operation-id: getLaunchers schema: type: string format: uuid example: e3012408-8b61-4564-ad41-c5ec131c325b responses: '200': description: Launcher retrieved successfully content: application/json: schema: $ref: '#/components/schemas/Launcher' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:launcher-admin:read - sp:launcher-user:read x-sailpoint-userLevels: - ORG_ADMIN put: tags: - Launchers summary: Replace launcher description: Replace the given Launcher ID with given payload operationId: putLauncher parameters: - name: launcherID in: path description: ID of the Launcher to be replaced required: true x-sailpoint-resource-operation-id: getLaunchers schema: type: string format: uuid example: e3012408-8b61-4564-ad41-c5ec131c325b requestBody: description: Payload to replace Launcher required: true content: application/json: schema: $ref: '#/components/schemas/LauncherRequest' responses: '200': description: Launcher replaced successfully content: application/json: schema: $ref: '#/components/schemas/Launcher' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:launcher-admin:write x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - Launchers summary: Delete launcher description: Delete the given Launcher ID operationId: deleteLauncher parameters: - name: launcherID in: path description: ID of the Launcher to be deleted required: true x-sailpoint-resource-operation-id: getLaunchers schema: type: string format: uuid example: e3012408-8b61-4564-ad41-c5ec131c325b responses: '204': description: Launcher deleted successfully '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:launcher-admin:delete x-sailpoint-userLevels: - ORG_ADMIN /launchers/{launcherID}/launch: post: tags: - Launchers summary: Launch a launcher description: Launch the given Launcher ID operationId: startLauncher parameters: - name: launcherID in: path description: ID of the Launcher to be launched required: true x-sailpoint-resource-operation-id: getLaunchers schema: type: string format: uuid example: e3012408-8b61-4564-ad41-c5ec131c325b responses: '200': description: Launcher launched successfully content: application/json: schema: type: object required: - interactiveProcessId properties: interactiveProcessId: type: string description: ID of the Interactive Process that was launched example: 5da68cfe-2d60-4b09-858f-0d03acd2f47a '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:launcher-user:launch x-sailpoint-userLevels: - ORG_ADMIN /mail-from-attributes: put: security: - userAuth: - sp:notification-mail-from-attributes:write operationId: putMailFromAttributes tags: - Notifications summary: Change mail from domain description: Change the MAIL FROM domain of an AWS SES email identity and provide the MX and TXT records to be placed in the caller's DNS requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MailFromAttributesDto' example: identity: BobSmith@sailpoint.com mailFromDomain: example.sailpoint.com responses: '200': description: MAIL FROM Attributes required to verify the change content: application/json: schema: $ref: '#/components/schemas/MailFromAttributes' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /mail-from-attributes/{identity}: get: security: - userAuth: - sp:notification-mail-from-attributes:read operationId: getMailFromAttributes tags: - Notifications summary: Get mail from attributes description: Retrieve MAIL FROM attributes for a given AWS SES identity. parameters: - in: query name: id required: true schema: type: string description: Returns the MX and TXT record to be put in your DNS, as well as the MAIL FROM domain status example: bobsmith@sailpoint.com - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: MAIL FROM Attributes object content: application/json: schema: $ref: '#/components/schemas/MailFromAttributes' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /generic-approvals: get: security: - userAuth: - idn:access-request-approvals:read - idn:access-request-administration:read - idn:access-request-approvals:manage operationId: getApprovals tags: - Approvals summary: Get approvals description: |- Retrieve a list of approvals, which can be filtered by requester ID, status, or reference type. "Mine" query parameter can be used and it will return all approvals for the current approver. This endpoint is for generic approvals, different than the access-request-approval endpoint and does not include access-request-approvals. Absence of all query parameters will will default to mine=true. parameters: - in: query name: mine schema: type: boolean description: Returns the list of approvals for the current caller example: 'true' - in: query name: requesterId schema: type: string description: Returns the list of approvals for a given requester ID example: 17e633e7d57e481569df76323169deb6a - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **status**: *eq* **referenceType**: *eq* example: filters=status eq PENDING - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of Approvals content: application/json: schema: type: array items: $ref: '#/components/schemas/Approval-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /generic-approvals/{id}: get: security: - userAuth: - idn:access-request-approvals:read - idn:access-request-administration:read - idn:access-request-approvals:manage operationId: getApproval tags: - Approvals summary: Get an approval description: Retrieve a single approval for a given approval ID. This endpoint is for generic approvals, different than the access-request-approval endpoint and does not include access-request-approvals. parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: getApprovals schema: type: string description: ID of the approval that is to be returned example: 38453251-6be2-5f8f-df93-5ce19e295837 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Approval object content: application/json: schema: $ref: '#/components/schemas/Approval-2' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /machine-accounts: get: operationId: listMachineAccounts tags: - Machine Accounts summary: Machine accounts list description: 'This returns a list of machine accounts. ' security: - userAuth: - idn:mis-account:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string example: identityId eq "2c9180858082150f0180893dbaf44201" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **name**: *eq, in, sw* **nativeIdentity**: *eq, in, sw* **machineIdentity**: *eq, in, sw* **description**: *eq, in, sw* **ownerIdentity**: *eq, in, sw* **ownerIdentityId**: *eq, in, sw* **entitlements**: *eq* **accessType**: *eq, in, sw* **subType**: *eq, in, sw* **environment**: *eq, in, sw* **classificationMethod**: *eq, in, sw* **manuallyCorrelated**: *eq* **manuallyEdited**: *eq* **identity**: *eq, in, sw* **source**: *eq, in* **hasEntitlement**: *eq* **locked**: *eq* **connectorAttributes**: *eq* - in: query name: sorters required: false schema: type: string format: comma-separated example: id,name description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, machineIdentity, identity.id, nativeIdentity, uuid, manuallyCorrelated, connectorAttributes, entitlements, identity.name, identity.type, source.id, source.name, source.type** - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of machine account objects content: application/json: schema: type: array items: $ref: '#/components/schemas/MachineAccount' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /machine-accounts/{id}: get: operationId: getMachineAccount tags: - Machine Accounts summary: Machine account details description: 'Use this API to return the details for a single machine account by its ID. ' security: - userAuth: - idn:mis-account:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listMachineAccounts description: Machine Account ID. example: ef38f94347e94562b5bb8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Machine Account object. content: application/json: schema: $ref: '#/components/schemas/MachineAccount' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateMachineAccount tags: - Machine Accounts summary: Update a machine account description: | Use this API to update machine accounts details. security: - userAuth: - idn:mis-account:manage - applicationAuth: - idn:mis-account:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listMachineAccounts description: Machine Account ID. example: ef38f94347e94562b5bb8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true description: |- A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * description * ownerIdentity * subType * accessType * environment * attributes * classificationMethod * manuallyEdited * nativeIdentity * uuid * source * manuallyCorrelated * enabled * locked * hasEntitlements * connectorAttributes content: application/json-patch+json: schema: type: array items: type: object examples: Add machine identity attribute: value: - op: add path: /environment value: test Replace machine identity attribute: value: - op: replace path: /environment value: test Remove machine identity attribute: value: - op: remove path: /environment responses: '200': description: Updated Machine Account object. content: application/json: schema: $ref: '#/components/schemas/MachineAccount' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/machine-classification-config: get: operationId: getMachineClassificationConfig tags: - Machine Classification Config summary: Machine classification config for source description: This API returns a Machine Classification Config for a Source using Source ID. security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true description: Source ID example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listSources responses: '200': description: A Config Object content: application/json: schema: $ref: '#/components/schemas/MachineClassificationConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: setMachineClassificationConfig tags: - Machine Classification Config summary: Update source's classification config description: Use this API to update Classification Config for a Source. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true description: Source ID. example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listSources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MachineClassificationConfig' responses: '200': description: Updated Machine Classification Config Object. content: application/json: schema: $ref: '#/components/schemas/MachineClassificationConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteMachineClassificationConfig tags: - Machine Classification Config summary: Delete source's classification config description: |- Use this API to remove Classification Config for a Source. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true description: Source ID. example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listSources responses: '200': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/machine-account-mappings: get: operationId: listMachineAccountMappings tags: - Machine Account Mappings summary: Machine account mapping for source description: Retrieves Machine account mappings for a specified source using Source ID. security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: path name: id schema: type: string required: true description: Source ID example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listSources responses: '200': description: An array of Attribute Mapping Objects content: application/json: schema: type: array items: $ref: '#/components/schemas/AttributeMappings' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createMachineAccountMappings tags: - Machine Account Mappings summary: Create machine account mappings security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_SUBADMIN description: |- Creates Machine Account Mappings for both identities and accounts for a source. A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id schema: type: string required: true description: Source ID. example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listSources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AttributeMappings' responses: '200': description: Newly created Attribute Mapping Object content: application/json: schema: type: array items: $ref: '#/components/schemas/AttributeMappings' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteMachineAccountMappings tags: - Machine Account Mappings summary: Delete source's machine account mappings description: |- Use this API to remove machine account attribute mappings for a Source. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true description: source ID. example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listSources responses: '200': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{sourceId}/machine-mappings: put: operationId: setMachineAccountMappings tags: - Machine Account Mappings summary: Update Source's Machine Account Mappings description: Use this API to update Machine Account Attribute Mapping for a Source. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN parameters: - in: path name: id schema: type: string required: true description: Source ID. example: ef38f94347e94562b5bb8424a56397d8 x-sailpoint-resource-operation-id: listSources requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AttributeMappings' responses: '200': description: Updated Machine Account Attributes for a Source. content: application/json: schema: type: array items: $ref: '#/components/schemas/AttributeMappings' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /accounts/{id}/classify: post: operationId: sendClassifyMachineAccount tags: - Machine Account Classify summary: Classify a Single Machine Account security: - userAuth: - idn:account:update - applicationAuth: - idn:account:update x-sailpoint-userLevels: - API - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN description: |- Use this API to classify a single machine account. A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: id schema: type: string required: true description: Account ID. x-sailpoint-resource-operation-id: listAccounts example: ef38f94347e94562b5bb8424a56397d8 - $ref: '#/components/parameters/ClassificationMode' responses: '200': description: Account classified as Machine. content: application/json: schema: type: object properties: isMachine: type: boolean description: Indicates if account is classified as machine default: false example: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /machine-identities: get: operationId: listMachineIdentities tags: - Machine Identities summary: List machine identities description: This API returns a list of machine identities. security: - userAuth: - idn:mis-identity:read - idn:mis-identity:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: query name: filters required: false schema: type: string example: identityId eq "2c9180858082150f0180893dbaf44201" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **displayName**: *eq, in, sw* **cisIdentityId**: *eq, in, sw* **businessApplication**: *eq, in, sw* **attributes**: *eq* **manuallyEdited**: *eq* - in: query name: sorters schema: type: string format: comma-separated required: false description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **businessApplication, name, owners.primaryIdentity.name, source.name, created, modified** example: businessApplication - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' responses: '200': description: List of machine identities. content: application/json: schema: type: array items: $ref: '#/components/schemas/MachineIdentity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createMachineIdentity tags: - Machine Identities summary: Create machine identities security: - userAuth: - idn:mis-identity:manage - applicationAuth: - idn:mis-identity:manage x-sailpoint-userLevels: - ORG_ADMIN description: |- Use this API to create a machine identity. The maximum supported length for the description field is 2000 characters. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/MachineIdentity' responses: '200': description: Machine Identity created. content: application/json: schema: $ref: '#/components/schemas/MachineIdentity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /machine-identities/{id}: get: operationId: getMachineIdentity tags: - Machine Identities summary: Machine identity details description: This API returns a single machine identity using the Machine Identity ID. security: - userAuth: - idn:mis-identity:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN - HELPDESK parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listMachineIdentities description: Machine Identity ID example: ef38f94347e94562b5bb8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A machine identity object content: application/json: schema: $ref: '#/components/schemas/MachineIdentity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: updateMachineIdentity tags: - Machine Identities summary: Update a machine identity description: | Use this API to update machine identity details. security: - userAuth: - idn:mis-identity:manage - applicationAuth: - idn:mis-identity:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listMachineIdentities description: Machine Identity ID. example: ef38f94347e94562b5bb8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true description: A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: type: object examples: Add machine identity attribute: value: - op: add path: /attributes/securityRisk value: medium Replace machine identity attribute: value: - op: replace path: /attributes/securityRisk value: medium Remove machine identity attribute: value: - op: remove path: /attributes/securityRisk responses: '200': description: Updated Machine Identity object. content: application/json: schema: $ref: '#/components/schemas/MachineIdentity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteMachineIdentity tags: - Machine Identities summary: Delete machine identity description: The API returns successful response if the requested machine identity was deleted. security: - userAuth: - idn:mis-identity:manage - applicationAuth: - idn:mis-identity:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listMachineIdentities description: Machine Identity ID example: ef38f94347e94562b5bb8424a56397d8 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /notification-template-defaults: get: operationId: listNotificationTemplateDefaults tags: - Notifications summary: List notification template defaults description: This lists the default templates used for notifications, such as emails from IdentityNow. security: - userAuth: - idn:notification-template-defaults:read parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters schema: type: string example: key eq "cloud_manual_work_item_summary" description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **key**: *eq, in, sw* **medium**: *eq, sw* **locale**: *eq, sw* - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A list of the default template objects content: application/json: schema: type: array items: $ref: '#/components/schemas/TemplateDtoDefault' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /notification-templates: get: operationId: listNotificationTemplates tags: - Notifications summary: List notification templates description: This lists the templates that you have modified for your site. security: - userAuth: - idn:notification-templates:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **key**: *eq, in, sw* **medium**: *eq, sw* **locale**: *eq, sw* example: medium eq "EMAIL" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **key, name, medium** example: key, -name required: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A list of template objects for your site content: application/json: schema: type: array items: $ref: '#/components/schemas/TemplateDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createNotificationTemplate tags: - Notifications summary: Create notification template description: | This will update notification templates that are available in your tenant. Note that you cannot create new templates in your tenant, but you can use this to create custom notifications from existing templates. First, copy the response body from the [get notification template endpoint](https://developer.sailpoint.com/idn/api/beta/get-notification-template) for a template you wish to update and paste it into the request body for this endpoint. Modify the fields you want to change and submit the POST request when ready. security: - userAuth: - idn:notification-templates:create x-sailpoint-userLevels: - ORG_ADMIN requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TemplateDto' responses: '200': description: A template object for your site content: application/json: schema: $ref: '#/components/schemas/TemplateDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /notification-templates/{id}: get: operationId: getNotificationTemplate tags: - Notifications summary: Get notification template by id description: This gets a template that you have modified for your site by Id. parameters: - name: id in: path description: Id of the Notification Template required: true x-sailpoint-resource-operation-id: listNotificationTemplates style: simple explode: false schema: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A template object for your site content: application/json: schema: $ref: '#/components/schemas/TemplateDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /notification-templates/bulk-delete: post: operationId: deleteNotificationTemplatesInBulk tags: - Notifications summary: Bulk delete notification templates description: This lets you bulk delete templates that you previously created for your site. Since this is a beta feature, please contact support to enable usage. security: - userAuth: - idn:notification-templates:delete requestBody: required: true content: application/json: schema: type: array items: $ref: '#/components/schemas/TemplateBulkDeleteDto' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /org-config: get: operationId: getOrgConfig tags: - Org Config summary: Get org config settings security: - userAuth: - idn:org-configs:read - idn:org-configs:manage - applicationAuth: - idn:org-configs:read - idn:org-configs:manage x-sailpoint-userLevels: - ORG_ADMIN description: Get the current organization's configuration settings, only external accessible properties. responses: '200': description: Request succeeded. content: application/json: schema: $ref: '#/components/schemas/OrgConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true patch: operationId: patchOrgConfig tags: - Org Config summary: Patch org config security: - userAuth: - idn:org-configs:manage x-sailpoint-userLevels: - ORG_ADMIN description: Patch the current organization's configuration, using http://jsonpatch.com/ syntax. This is commonly used to changing an organization's time zone. requestBody: description: A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /timeZone value: America/Toronto required: true responses: '200': description: Successfully patched org config. content: application/json: schema: $ref: '#/components/schemas/OrgConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /org-config/valid-time-zones: get: operationId: getValidTimeZones tags: - Org Config summary: Get valid time zones security: - userAuth: - idn:org-configs:read - idn:org-configs-user:read - applicationAuth: - idn:org-configs:read - idn:org-configs-user:read x-sailpoint-userLevels: - ORG_ADMIN description: List the valid time zones that can be set in organization configurations. responses: '200': description: Request successful. content: application/json: schema: type: array items: type: string example: - Etc/GMT-6 - Etc/GMT+8 - EST - America/Chicago - America/Toronto - Asia/Gaza - Europe/Brussels - Europe/Kiev '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' /outlier-summaries: get: operationId: getIdentityOutlierSnapshots tags: - IAI Outliers summary: Iai identity outliers summary description: This API returns a summary containing the number of identities that customer has, the number of outliers, and the type of outlier. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - name: type in: query description: Type of the identity outliers snapshot to filter on required: false example: LOW_SIMILARITY schema: type: string enum: - LOW_SIMILARITY - STRUCTURAL - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **snapshotDate**: *ge, le* example: snapshotDate ge "2022-02-07T20:13:29.356648026Z" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **snapshotDate** example: snapshotDate required: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers headers: X-Total-Count: description: The total result count. schema: type: integer content: application/json: schema: type: array items: $ref: '#/components/schemas/OutlierSummary' '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:outliers:read - iai:outliers:manage - applicationAuth: - iai:outliers:read - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outlier-summaries/latest: get: operationId: getLatestIdentityOutlierSnapshots tags: - IAI Outliers summary: Iai identity outliers latest summary description: This API returns a most recent snapshot of each outlier type, each containing the number of identities that customer has, the number of outliers, and the type of outlier. parameters: - name: type in: query description: Type of the identity outliers snapshot to filter on required: false example: LOW_SIMILARITY schema: type: string enum: - LOW_SIMILARITY - STRUCTURAL - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns list of objects. Each object is a summary to give high level statistics/counts of outliers. content: application/json: schema: type: array items: $ref: '#/components/schemas/LatestOutlierSummary' '202': $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:outliers:read - iai:outliers:manage - applicationAuth: - iai:outliers:read - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outliers: get: operationId: getIdentityOutliers tags: - IAI Outliers summary: Iai get identity outliers description: This API returns a list of outliers, containing data such as identity ID, outlier type, detection dates, identity attributes, if identity is ignored, and certification information. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: type in: query description: Type of the identity outliers snapshot to filter on required: false schema: type: string enum: - LOW_SIMILARITY - STRUCTURAL example: LOW_SIMILARITY - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **attributes**: *eq, sw, co, in* **firstDetectionDate**: *ge, le* **certStatus**: *eq* **ignored**: *eq* **score**: *ge, le* example: attributes.displayName sw "John" and certStatus eq "false" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **firstDetectionDate, attributes, score** example: attributes.displayName,firstDetectionDate,-score - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns list of objects. Each object contains information about outliers. headers: X-Total-Count: description: The total result count. schema: type: integer content: application/json: schema: type: array items: $ref: '#/components/schemas/Outlier' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:outliers:read - iai:outliers:manage - applicationAuth: - iai:outliers:read - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outliers/{outlierId}/contributing-features: get: operationId: getPeerGroupOutliersContributingFeatures tags: - IAI Outliers summary: Get identity outlier's contibuting features description: | This API returns a list of contributing feature objects for a single outlier. The object contains: feature name, feature value type, value, importance, display name (translated text or message key), description (translated text or message key), translation messages object. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: include-translation-messages in: query description: Whether or not to include translation messages object in returned response required: false schema: type: string example: include-translation-messages= - in: path example: 2c918085842e69ae018432d22ccb212f name: outlierId schema: type: string required: true x-sailpoint-resource-operation-id: getIdentityOutliers description: The outlier id - in: query name: sorters required: false schema: type: string format: comma-separated example: importance description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **importance** - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns list of objects. Each object contains a feature and metadata about that feature. headers: X-Total-Count: description: The total result count. schema: type: integer accept-language: description: The locale to use for translations for displayName and description text schema: type: string content: application/json: schema: type: array items: $ref: '#/components/schemas/OutlierContributingFeature' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:outliers:read - iai:outliers:manage - applicationAuth: - iai:outliers:read - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outliers/{outlierId}/feature-details/{contributingFeatureName}/access-items: get: operationId: listOutliersContributingFeatureAccessItems tags: - IAI Outliers summary: Gets a list of access items associated with each identity outlier contributing feature description: | This API returns a list of the enriched access items associated with each feature filtered by the access item type. The object contains: accessItemId, display name (translated text or message key), description (translated text or message key), accessType, sourceName, extremelyRare. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: path name: outlierId schema: type: string required: true x-sailpoint-resource-operation-id: getIdentityOutliers description: The outlier id example: 2c918085842e69ae018432d22ccb212f - in: path name: contributingFeatureName schema: type: string enum: - radical_entitlement_count - entitlement_count - max_jaccard_similarity - mean_max_bundle_concurrency - single_entitlement_bundle_count - peerless_score required: true description: The name of contributing feature example: entitlement_count - in: query name: accessType required: false schema: type: string description: The type of access item for the identity outlier contributing feature. If not provided, it returns all. example: ENTITLEMENT - in: query name: sorters required: false schema: type: string format: comma-separated example: displayName description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **displayName** - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The list of access items. content: application/json: schema: type: array items: $ref: '#/components/schemas/OutliersContributingFeatureAccessItems' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:outliers:read - iai:outliers:manage - applicationAuth: - iai:outliers:read - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outliers/ignore: post: operationId: ignoreIdentityOutliers tags: - IAI Outliers summary: Iai identity outliers ignore description: This API receives a list of identity IDs in the request, changes the outliers to be ignored. requestBody: required: true content: application/json: schema: type: array items: type: string description: List of identity IDs to ignore from outlier listing example: - 897ef96559df40e1baa6bae6b53e7340 - 2c918085837fbfb4018384420dac60c3 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - iai:outliers:manage - applicationAuth: - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outliers/unignore: post: operationId: unIgnoreIdentityOutliers tags: - IAI Outliers summary: Iai identity outliers unignore description: This API receives a list of identity IDs in the request, changes the outliers to be un-ignored. requestBody: required: true content: application/json: schema: type: array items: type: string description: List of identity IDs to un-ignore from outlier listing example: - 897ef96559df40e1baa6bae6b53e7340 - 2c918085837fbfb4018384420dac60c3 responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - iai:outliers:manage - applicationAuth: - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outliers/export: get: operationId: exportOutliersZip tags: - IAI Outliers summary: Iai identity outliers export description: | This API exports a list of ignored outliers to a CSV as well as list of non-ignored outliers to a CSV. These two CSVs will be zipped and exported. Columns will include: identityId, type, firstDetectionDate, latestDetectionDate, ignored, & attributes (defined set of identity attributes). parameters: - name: type in: query description: Type of the identity outliers snapshot to filter on required: false example: LOW_SIMILARITY schema: type: string enum: - LOW_SIMILARITY - STRUCTURAL - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns zip of two CSVs to download. One CSV for ignored outliers and the other for non-ignored outliers. content: application/zip: schema: type: string format: binary '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:outliers:read - iai:outliers:manage - applicationAuth: - iai:outliers:read - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /outlier-feature-summaries/{outlierFeatureId}: get: operationId: getOutlierContributingFeatureSummary tags: - IAI Outliers summary: Get identity outlier contibuting feature summary description: | This API returns a summary of a contributing feature for an identity outlier. The object contains: contributing feature name (translated text or message key), identity outlier display name, feature values, feature definition and explanation (translated text or message key), peer display name and identityId, access item reference, translation messages object. parameters: - in: path name: outlierFeatureId schema: type: string required: true x-sailpoint-resource-operation-id: getPeerGroupOutliersContributingFeatures description: Contributing feature id example: 04654b66-7561-4090-94f9-abee0722a1af - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns selected contributing feature summary for an outlier. headers: accept-language: description: The locale to use for translations schema: type: string content: application/json: schema: $ref: '#/components/schemas/OutlierFeatureSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:outliers:read - iai:outliers:manage - applicationAuth: - iai:outliers:read - iai:outliers:manage x-sailpoint-userLevels: - ORG_ADMIN - REPORT_ADMIN /peer-group-strategies/{strategy}/identity-outliers: get: operationId: getPeerGroupOutliers tags: - IAI Peer Group Strategies summary: Identity outliers list deprecated: true description: '-- Deprecated : See ''IAI Outliers'' This API will be used by Identity Governance systems to identify identities that are not included in an organization''s peer groups. By default, 250 identities are returned. You can specify between 1 and 1000 number of identities that can be returned.' parameters: - in: path name: strategy schema: type: string enum: - entitlement required: true description: The strategy used to create peer groups. Currently, 'entitlement' is supported. example: entitlement - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of identities that are not included in peer groups. content: application/json: schema: type: array items: $ref: '#/components/schemas/PeerGroupMember' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: [] /notification-template-context: get: operationId: getNotificationsTemplateContext tags: - Notifications summary: Get notification template context description: |- The notification service maintains metadata to construct the notification templates or supply any information during the event propagation. The data-store where this information is retrieved is called "Global Context" (a.k.a. notification template context). It defines a set of attributes that will be available per tenant (organization). security: - userAuth: - idn:notification-templates:read responses: '200': description: Notification template context attributes for a specific tenant. content: application/json: schema: $ref: '#/components/schemas/NotificationTemplateContext' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /notification-preferences/{key}: get: operationId: listNotificationPreferences tags: - Notifications summary: List notification preferences for tenant. description: Returns a list of notification preferences for tenant. security: - userAuth: - idn:notification-preferences:read responses: '200': description: Return preference for the given notification key. content: application/json: schema: $ref: '#/components/schemas/PreferencesDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /reassignment-configurations/types: get: operationId: getReassignmentConfigTypes tags: - Work Reassignment summary: List reassignment config types description: Gets a collection of types which are available in the Reassignment Configuration UI. security: - userAuth: - idn:reassignment-configuration:read - idn:reassignment-configuration:manage responses: '200': description: List of Reassignment Configuration Types content: application/json: schema: type: array items: $ref: '#/components/schemas/ConfigType' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /reassignment-configurations: get: operationId: listReassignmentConfigurations tags: - Work Reassignment summary: List reassignment configurations description: Gets all Reassignment configuration for the current org. security: - userAuth: - idn:reassignment-configuration:read - idn:reassignment-configuration:manage responses: '200': description: A list of Reassignment Configurations for an org content: application/json: schema: type: array items: $ref: '#/components/schemas/ConfigurationResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true post: operationId: createReassignmentConfiguration tags: - Work Reassignment summary: Create a reassignment configuration description: Creates a new Reassignment Configuration for the specified identity. security: - userAuth: - idn:reassignment-configuration:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConfigurationItemRequest' responses: '201': description: The newly created Reassignment Configuration object content: application/json: schema: $ref: '#/components/schemas/ConfigurationItemResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /reassignment-configurations/{identityId}: get: operationId: getReassignmentConfiguration tags: - Work Reassignment summary: Get reassignment configuration description: Gets the Reassignment Configuration for an identity. security: - userAuth: - idn:reassignment-configuration:read - idn:reassignment-configuration:manage parameters: - in: path name: identityId schema: type: string description: unique identity id required: true x-sailpoint-resource-operation-id: listIdentities example: 2c91808781a71ddb0181b9090b5c504f - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Reassignment Configuration for an identity content: application/json: schema: $ref: '#/components/schemas/ConfigurationResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putReassignmentConfig tags: - Work Reassignment summary: Update reassignment configuration description: Replaces existing Reassignment configuration for an identity with the newly provided configuration. security: - userAuth: - idn:reassignment-configuration:manage parameters: - in: path name: identityId schema: type: string description: unique identity id required: true x-sailpoint-resource-operation-id: listIdentities example: 2c91808781a71ddb0181b9090b5c504e - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ConfigurationItemRequest' responses: '200': description: Reassignment Configuration updated content: application/json: schema: $ref: '#/components/schemas/ConfigurationItemResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reassignment-configurations/{identityId}/{configType}: delete: operationId: deleteReassignmentConfiguration tags: - Work Reassignment summary: Delete reassignment configuration description: Deletes a single reassignment configuration for the specified identity security: - userAuth: - idn:reassignment-configuration:manage parameters: - in: path name: identityId schema: type: string description: unique identity id required: true x-sailpoint-resource-operation-id: listIdentities example: 2c91808781a71ddb0181b9090b5c504e - in: path name: configType schema: $ref: '#/components/schemas/ConfigTypeEnum' required: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': description: Reassignment Configuration deleted '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reassignment-configurations/{identityId}/evaluate/{configType}: get: operationId: getEvaluateReassignmentConfiguration tags: - Work Reassignment summary: Evaluate reassignment configuration description: Evaluates the Reassignment Configuration for an `Identity` to determine if work items for the specified type should be reassigned. If a valid Reassignment Configuration is found for the identity & work type, then a lookup is initiated which recursively fetches the Reassignment Configuration for the next `TargetIdentity` until no more results are found or a max depth of 5. That lookup trail is provided in the response and the final reassigned identity in the lookup list is returned as the `reassignToId` property. If no Reassignment Configuration is found for the specified identity & config type then the requested Identity ID will be used as the `reassignToId` value and the lookupTrail node will be empty. security: - userAuth: - idn:reassignment-configuration:manage parameters: - in: path name: identityId required: true x-sailpoint-resource-operation-id: listIdentities schema: type: string description: unique identity id example: 2c91808781a71ddb0181b9090b5c504e - in: path name: configType required: true schema: $ref: '#/components/schemas/ConfigTypeEnum' description: Reassignment work type example: accessRequests - in: query name: exclusionFilters required: false schema: type: array items: type: string description: 'Exclusion filters that disable parts of the reassignment evaluation. Possible values are listed below: - `SELF_REVIEW_DELEGATION`: This will exclude delegations of self-review reassignments' example: SELF_REVIEW_DELEGATION - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Evaluated Reassignment Configuration content: application/json: schema: type: array items: $ref: '#/components/schemas/EvaluateResponse' examples: empty: $ref: '#/components/examples/evaluateEmpty' longTrail: $ref: '#/components/examples/evaluateLong' selfReview: $ref: '#/components/examples/evaluateSelfReview' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /reassignment-configurations/tenant-config: get: operationId: getTenantConfigConfiguration tags: - Work Reassignment summary: Get tenant-wide reassignment configuration settings description: Gets the global Reassignment Configuration settings for the requestor's tenant. security: - userAuth: - idn:reassignment-tenant-configuration:read responses: '200': description: Tenant-wide Reassignment Configuration settings content: application/json: schema: $ref: '#/components/schemas/TenantConfigurationResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true put: operationId: putTenantConfiguration tags: - Work Reassignment summary: Update tenant-wide reassignment configuration settings description: Replaces existing Tenant-wide Reassignment Configuration settings with the newly provided settings. security: - userAuth: - idn:reassignment-tenant-configuration:update requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TenantConfigurationRequest' responses: '200': description: Tenant-wide Reassignment Configuration settings content: application/json: schema: $ref: '#/components/schemas/TenantConfigurationResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /recommendations/request: post: operationId: getRecommendations summary: Returns recommendation based on object tags: - IAI Recommendations description: The getRecommendations API returns recommendations based on the requested object. The recommendations are invoked by IdentityIQ and IdentityNow plug-ins that retrieve recommendations based on the performed calculations. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RecommendationRequestDto' responses: '200': description: The recommendations for a customer content: application/json: schema: $ref: '#/components/schemas/RecommendationResponseDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:decisions:manage x-sailpoint-userLevels: - Any parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /recommendations/config: get: operationId: getRecommendationsConfig summary: Get certification recommendation config values tags: - IAI Recommendations description: Retrieves configuration attributes used by certification recommendations. responses: '200': description: Cert recommendation configuration attributes content: application/json: schema: $ref: '#/components/schemas/RecommendationConfigDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:configuration:read x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true put: operationId: updateRecommendationsConfig summary: Update certification recommendation config values tags: - IAI Recommendations description: Updates configuration attributes used by certification recommendations. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RecommendationConfigDto' responses: '200': description: Cert recommendation configuration attributes after update content: application/json: schema: $ref: '#/components/schemas/RecommendationConfigDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:configuration:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /role-insights/requests: post: operationId: createRoleInsightRequests summary: Generate insights for roles deprecated: true tags: - Role Insights description: Submits a create role insights request to the role insights application. At this time there are no parameters. All business roles will be processed for the customer. responses: '201': description: Submitted a role insights generation request content: application/json: schema: $ref: '#/components/schemas/RoleInsightsResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights/requests/{id}: get: operationId: getRoleInsightsRequests summary: Returns metadata from prior request. deprecated: true tags: - Role Insights description: 'This endpoint returns details of a prior role insights request. ' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: getRoleInsights description: The role insights request id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns details of an earlier role insights request. content: application/json: schema: $ref: '#/components/schemas/RoleInsightsResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights/summary: get: operationId: getRoleInsightsSummary summary: Get role insights summary information tags: - Role Insights description: This method returns high level summary information for role insights for a customer. responses: '200': description: Succeeded. Returns high level counts. content: application/json: schema: $ref: '#/components/schemas/RoleInsightsSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights: get: operationId: getRoleInsights summary: Get role insights tags: - Role Insights description: This method returns detailed role insights for each role. parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: sorters in: query description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **numberOfUpdates, identitiesWithAccess, totalNumberOfIdentities** example: numberOfUpdates required: false style: form explode: true schema: type: string - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw* **ownerName**: *sw* **description**: *sw* required: false style: form explode: true example: name sw "John" schema: type: string - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of roles with information about insights for each role. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleInsight' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights/{insightId}: get: operationId: getRoleInsight summary: Get a single role insight tags: - Role Insights description: This endpoint gets role insights information for a role. parameters: - in: path name: insightId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleInsights description: The role insight id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns information about insights for a single role. content: application/json: schema: $ref: '#/components/schemas/RoleInsight' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights/{insightId}/entitlement-changes: get: operationId: getRoleInsightsEntitlementsChanges summary: Get entitlement insights for a role tags: - Role Insights description: This endpoint returns entitlement insights for a role. parameters: - in: path name: insightId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleInsights description: The role insight id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: sorters description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **identitiesWithAccess, name** required: false style: form explode: true schema: type: string - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw* **description**: *sw* required: false style: form example: name sw "Admin" explode: true schema: type: string - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of entitlements to be added for a role. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleInsightsEntitlementChanges' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights/{insightId}/entitlement-changes/download: get: operationId: downloadRoleInsightsEntitlementsChanges summary: Download entitlement insights for a role tags: - Role Insights description: This endpoint returns the entitlement insights for a role. parameters: - in: path name: insightId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleInsights description: The role insight id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: sorters description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **identitiesWithAccess** The default sort is **identitiesWithAccess** in descending order. required: false example: identitiesWithAccess style: form explode: true schema: type: string - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw* **description**: *sw* example: name sw "r" required: false style: form explode: true schema: type: string - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a csv file containing a list of entitlements to be added for a role. content: text/csv: schema: type: string '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights/{insightId}/current-entitlements: get: operationId: getRoleInsightsCurrentEntitlements summary: Get current entitlement for a role tags: - Role Insights description: This endpoint gets the entitlements for a role. The term "current" is to distinguish from the entitlement(s) an insight might recommend adding. parameters: - in: path name: insightId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleInsights description: The role insight id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw* **description**: *sw* example: name sw "r" required: false style: form explode: true schema: type: string - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of current or pre-existing entitlements for a role. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleInsightsEntitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-insights/{insightId}/entitlement-changes/{entitlementId}/identities: get: operationId: getEntitlementChangesIdentities summary: Get identities for a suggested entitlement (for a role) tags: - Role Insights description: Role insights suggests entitlements to be added for a role. This endpoint returns a list of identities in the role, with or without the entitlements, for a suggested entitlement so that the user can see which identities would be affected if the suggested entitlement were to be added to the role. parameters: - in: path name: insightId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleInsights description: The role insight id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: entitlementId schema: type: string required: true x-sailpoint-resource-operation-id: listEntitlements description: The entitlement id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: hasEntitlement description: Identity has this entitlement or not required: false style: form explode: true schema: type: boolean default: false - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: sorters description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** example: name required: false style: form explode: true schema: type: string - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw* example: name sw "Jan" required: false style: form explode: true schema: type: string - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of identities with or without the entitlement. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleInsightsIdentities' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:role-insights - applicationAuth: - iai:role-insights /role-mining-sessions: post: operationId: createRoleMiningSessions summary: Create a role mining session tags: - IAI Role Mining description: This submits a create role mining session request to the role mining application. requestBody: description: Role mining session parameters required: true content: application/json: schema: $ref: '#/components/schemas/RoleMiningSessionDto' responses: '201': description: Submitted a role mining session request content: application/json: schema: $ref: '#/components/schemas/RoleMiningSessionResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:manage get: operationId: getRoleMiningSessions summary: Retrieves all role mining sessions tags: - IAI Role Mining description: Returns all role mining sessions that match the query parameters parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **saved**: *eq* **name**: *eq, sw* example: saved eq "true" and name sw "RM Session" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdBy, createdDate** example: createdBy,createdDate - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns all role mining sessions that match the query parameters. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningSessionDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}: patch: operationId: patchRoleMiningSession summary: Patch a role mining session tags: - IAI Role Mining description: The method updates an existing role mining session using PATCH. Supports op in {"replace"} and changes to pruneThreshold and/or minNumIdentitiesInPotentialRole. The potential roles in this role mining session is then re-calculated. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id to be patched example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true description: Replace pruneThreshold and/or minNumIdentitiesInPotentialRole in role mining session. Update saved status or saved name for a role mining session. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /pruneThreshold value: '83' - op: replace path: /minNumIdentitiesInPotentialRole value: '10' - op: replace path: /saved value: 'false' - op: replace path: /name value: RM Session - 07/10/22 - op: add path: /name value: RM Session - 07/10/22 responses: '202': description: Success $ref: '#/components/responses/202' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:manage get: operationId: getRoleMiningSession summary: Get a role mining session tags: - IAI Role Mining description: The method retrieves a role mining session. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id to be retrieved. example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Returns a role mining session content: application/json: schema: $ref: '#/components/schemas/RoleMiningSessionResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/400' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/status: get: operationId: getRoleMiningSessionStatus summary: Get role mining session status state tags: - IAI Role Mining description: This method returns a role mining session status for a customer. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns session status content: application/json: schema: $ref: '#/components/schemas/RoleMiningSessionStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-role-summaries: get: operationId: getPotentialRoleSummaries summary: Retrieves all potential role summaries tags: - IAI Role Mining description: This method returns the potential role summaries for a role mining session. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: sorters required: false style: form explode: true schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdDate** example: createdDate - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **createdById**: *eq, sw, co* **createdByName**: *eq, sw, co* **description**: *sw, co* **endDate**: *le, lt* **freshness**: *eq, ge, gt, le, lt* **name**: *eq, sw, co* **quality**: *eq, ge, gt, le, lt* **startDate**: *ge, gt* **saved**: *eq* **type**: *eq* example: (createdByName co "int")and (createdById sw "2c9180907")and (type eq "COMMON")and ((name co "entt")or (saved eq true)) required: false style: form explode: true schema: type: string - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of potential role summaries for a role mining session. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningPotentialRoleSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}: get: operationId: getPotentialRole summary: Retrieves a specific potential role tags: - IAI Role Mining description: This method returns a specific potential role for a role mining session. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of potential roles for a role mining session. content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRole' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage patch: operationId: patchPotentialRole summary: Update a potential role tags: - IAI Role Mining description: | The method updates an existing potential role using. The following fields can be modified: * `description` * `name` * `saved` >**NOTE: All other fields cannot be modified.** parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: The potential role summary id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json-patch+json: schema: type: array items: allOf: - $ref: '#/components/schemas/JsonPatchOperation' properties: op: type: string description: The operation to be performed enum: - remove - replace example: replace example: - op: remove path: /description - op: replace path: /description value: Acct I - Potential Role - op: remove path: /saved - op: replace path: /saved value: 'false' - op: remove path: /name - op: replace path: /name value: Potential Role Accounting responses: '200': description: Succeeded. Returns the potential role summary based on the potentialRoleId provided. content: application/json: schema: type: object items: $ref: '#/components/schemas/RoleMiningPotentialRole' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: [] /role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}/applications: get: operationId: getPotentialRoleApplications summary: Retrieves the applications of a potential role for a role mining session tags: - IAI Role Mining description: This method returns the applications of a potential role for a role mining session. parameters: - in: query name: filters schema: type: string required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **applicationName**: *sw* example: applicationName sw "test" - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 62f28d91-7d9f-4d17-be15-666d5b41d77f - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of potential roles for a role mining session. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningPotentialRoleApplication' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage x-sailpoint-userLevels: - ORG_ADMIN /role-mining-sessions/{sessionId}/potential-role-summaries/{potentialRoleId}/entitlements: get: operationId: getPotentialRoleEntitlements summary: Retrieves the entitlements of a potential role for a role mining session tags: - IAI Role Mining description: This method returns the entitlements of a potential role for a role mining session. parameters: - in: query name: filters schema: type: string required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **entitlementRef.name**: *sw* example: entitlementRef.name sw "test" - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 62f28d91-7d9f-4d17-be15-666d5b41d77f - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns the entitlements of a potential role for a role mining session. session. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningPotentialRoleEntitlements' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage x-sailpoint-userLevels: - ORG_ADMIN /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularities: get: operationId: getEntitlementsPotentialRole summary: Retrieves entitlements for a potential role in a role mining session tags: - IAI Role Mining description: This method returns entitlements for a potential role in a role mining session. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: includeCommonAccess description: Boolean determining whether common access entitlements will be included or not example: true required: false style: form explode: true schema: type: boolean default: true - in: query name: sorters description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **popularity, entitlementName, applicationName** The default sort is **popularity** in descending order. example: popularity required: false style: form explode: true schema: type: string - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **applicationName**: *sw* **entitlementRef.name**: *sw* example: applicationName sw "AD" required: false style: form explode: true schema: type: string - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of entitlements for a potential role. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningEntitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/entitlement-popularity-distribution: get: operationId: getEntitlementDistributionPotentialRole summary: Retrieves entitlement popularity distribution for a potential role in a role mining session tags: - IAI Role Mining description: This method returns entitlement popularity distribution for a potential role in a role mining session. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: includeCommonAccess description: Boolean determining whether common access entitlements will be included or not required: false style: form explode: true schema: type: boolean - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a map containing entitlement popularity distribution for a potential role. content: application/json: schema: type: object additionalProperties: type: integer '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/edit-entitlements: post: operationId: updateEntitlementsPotentialRole summary: Edit entitlements for a potential role to exclude some entitlements tags: - IAI Role Mining description: This endpoint adds or removes entitlements from an exclusion list for a potential role. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: description: Role mining session parameters required: true content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRoleEditEntitlements' responses: '201': description: Adds or removes entitlements from a potential role's entitlement exclusion list. content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRole' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/identities: get: operationId: getIdentitiesPotentialRole summary: Retrieves identities for a potential role in a role mining session tags: - IAI Role Mining description: This method returns identities for a potential role in a role mining session. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: sorters description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name** required: false style: form explode: true example: name schema: type: string - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *sw* required: false style: form explode: true schema: type: string - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of identities for a potential role. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningIdentity' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export: get: operationId: exportRoleMiningPotentialRole summary: Export (download) details for a potential role in a role mining session tags: - IAI Role Mining description: This endpoint downloads all the information for a potential role in a role mining session. Includes identities and entitlements in the potential role. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. content: application/zip: schema: type: string format: binary '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async: post: operationId: exportRoleMiningPotentialRoleAsync summary: Asynchronously export details for a potential role in a role mining session and upload to S3 tags: - IAI Role Mining description: This endpoint uploads all the information for a potential role in a role mining session to S3 as a downloadable zip archive. Includes identities and entitlements in the potential role. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 278359a6-04b7-4669-9468-924cf580964a - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRoleExportRequest' responses: '202': description: Job Submitted. Returns a reportId that can be used to download the zip once complete content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRoleExportResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}: get: operationId: exportRoleMiningPotentialRoleStatus summary: Retrieve status of a potential role export job tags: - IAI Role Mining description: This endpoint retrieves information about the current status of a potential role export. parameters: - in: path name: sessionId schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 278359a6-04b7-4669-9468-924cf580964a - in: path name: exportId schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: exportRoleMiningPotentialRoleAsync description: The id of a previously run export job for this potential role example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Success. Returns the current status of this export content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRoleExportResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/export-async/{exportId}/download: get: operationId: downloadRoleMiningPotentialRoleZip summary: Export (download) details for a potential role in a role mining session tags: - IAI Role Mining description: This endpoint downloads a completed export of information for a potential role in a role mining session. parameters: - in: path name: sessionId schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 278359a6-04b7-4669-9468-924cf580964a - in: path name: exportId schema: type: string format: uuid required: true x-sailpoint-resource-operation-id: exportRoleMiningPotentialRoleAsync description: The id of a previously run export job for this potential role example: 4940ffd4-836f-48a3-b2b0-6d498c3fdf40 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a zip file containing csv files for identities and entitlements for the potential role. content: application/zip: schema: type: string format: binary '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/provision: post: operationId: createPotentialRoleProvisionRequest summary: Create request to provision a potential role into an actual role. tags: - IAI Role Mining description: This method starts a job to provision a potential role parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: min-entitlement-popularity description: Minimum popularity required for an entitlement to be included in the provisioned role. required: false style: form explode: true schema: type: integer default: 0 minimum: 0 maximum: 100 - in: query name: include-common-access description: Boolean determining whether common access entitlements will be included in the provisioned role. required: false style: form explode: true schema: type: boolean default: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: description: Required information to create a new role content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRoleProvisionRequest' responses: '202': description: Accepted. Returns a potential role summary including the status of the provison request content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRoleSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:manage /role-mining-sessions/{sessionId}/potential-roles/{potentialRoleId}/excluded-entitlements: get: operationId: getExcludedEntitlementsPotentialRole summary: Retrieves excluded entitlements for a potential role in a role mining session tags: - IAI Role Mining description: This method returns excluded entitlements for a potential role in a role mining session. parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id in a role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: query name: sorters description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **popularity** example: populariity required: false style: form explode: true schema: type: string - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **applicationName**: *sw* **entitlementRef.name**: *sw* example: applicationName sw "AD" required: false style: form explode: true schema: type: string - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of excluded entitlements for a potential roles. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningEntitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '500': $ref: '#/components/responses/500' security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage /role-mining-potential-roles: get: operationId: getAllPotentialRoleSummaries summary: Retrieves all potential role summaries tags: - IAI Role Mining description: Returns all potential role summaries that match the query parameters security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage parameters: - in: query name: sorters required: false style: form explode: true schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **createdDate, identityCount, entitlementCount, freshness, quality** example: createdDate - in: query name: filters description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **createdById**: *eq, sw, co* **createdByName**: *eq, sw, co* **description**: *sw, co* **endDate**: *le, lt* **freshness**: *eq, ge, gt, le, lt* **name**: *eq, sw, co, ge, gt, le, lt* **quality**: *eq, ge, gt, le, lt* **startDate**: *ge, gt* **saved**: *eq* **type**: *eq, ge, gt, le, lt* **scopingMethod**: *eq* **sessionState**: *eq* **identityAttribute**: *co* example: (createdByName co "int") and (createdById sw "2c9180907") and (type eq "COMMON") and ((name co "entt") or (saved eq true)) required: false style: form explode: true schema: type: string - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns all potential role summaries that match the query parameters. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningPotentialRoleSummary' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /role-mining-potential-roles/{potentialRoleId}: get: operationId: getRoleMiningPotentialRole summary: Retrieves a specific potential role tags: - IAI Role Mining description: This method returns a specific potential role. security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage parameters: - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of potential roles for a role mining session. content: application/json: schema: $ref: '#/components/schemas/RoleMiningPotentialRole' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchPotentialRole summary: Update a potential role tags: - IAI Role Mining description: | The method updates an existing potential role using. The following fields can be modified: * `description` * `name` * `saved` >**NOTE: All other fields cannot be modified.** security: - userAuth: - iai:access-modeling:manage parameters: - in: path name: sessionId schema: type: string required: true x-sailpoint-resource-operation-id: getRoleMiningSessions description: The role mining session id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: The potential role summary id example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json-patch+json: schema: type: array items: allOf: - $ref: '#/components/schemas/JsonPatchOperation' properties: op: type: string description: The operation to be performed enum: - remove - replace example: replace example: - op: remove path: /description - op: replace path: /description value: Acct I - Potential Role - op: remove path: /saved - op: replace path: /saved value: 'false' - op: remove path: /name - op: replace path: /name value: Potential Role Accounting responses: '200': description: Succeeded. Returns the potential role summary based on the potentialRoleId provided. content: application/json: schema: type: object items: $ref: '#/components/schemas/RoleMiningPotentialRole' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /role-mining-potential-roles/saved: get: operationId: getSavedPotentialRoles summary: Retrieves all saved potential roles tags: - IAI Role Mining description: This method returns all saved potential roles (draft roles). security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage parameters: - in: query name: sorters required: false style: form explode: true schema: type: string format: comma-separated description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **modified**' example: modified - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of draft roles for a role mining session. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningSessionDraftRoleDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /role-mining-potential-roles/{potentialRoleId}/sources/{sourceId}/identityUsage: get: operationId: getPotentialRoleSourceIdentityUsage summary: Retrieves potential role source usage tags: - IAI Role Mining description: This method returns source usageCount (as number of days in the last 90 days) for each identity in a potential role. security: - userAuth: - iai:access-modeling:read - iai:access-modeling:manage - applicationAuth: - iai:access-modeling:read - iai:access-modeling:manage parameters: - in: path name: potentialRoleId schema: type: string required: true x-sailpoint-resource-operation-id: getPotentialRoleSummaries description: A potential role id example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: A source id example: 2c9180877620c1460176267f336a106f - in: query name: sorters required: false style: form explode: true schema: type: string format: comma-separated description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters/) Sorting is supported for the following fields: **displayName, email, usageCount**' example: '-usageCount' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Succeeded. Returns a list of source usage for the identities in a potential role. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleMiningPotentialRoleSourceUsage' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/{id}/entitlements: get: operationId: getRoleEntitlements tags: - Roles summary: List role's entitlements description: Get a list of entitlements associated with a specified role. parameters: - name: id in: path description: Containing role's ID. required: true x-sailpoint-resource-operation-id: listRoles schema: type: string example: 2c91808a7813090a017814121919ecca - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **attribute**: *eq, sw* **value**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **source.id**: *eq, in* example: attribute eq "memberOf" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, attribute, value, created, modified** example: name,-modified required: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of Entitlements content: application/json: schema: type: array items: $ref: '#/components/schemas/Entitlement' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read - applicationAuth: - idn:role-unchecked:read - idn:role-unchecked:manage - idn:role-checked:manage - idn:role-checked:read x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN /send-test-notification: post: operationId: sendTestNotification tags: - Notifications summary: Send test notification description: Send a Test Notification requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SendTestNotificationRequestDto' example: key: cloud_manual_work_item_summary medium: EMAIL context: numberOfPendingTasks: '4' ownerId: 201327fda1c44704ac01181e963d463c responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /sim-integrations/{id}: put: tags: - SIM Integrations summary: Update an existing sim integration description: Update an existing SIM integration. operationId: putSIMIntegration requestBody: description: The full DTO of the integration containing the updated model content: application/json: schema: $ref: '#/components/schemas/SimIntegrationDetails' required: true parameters: - name: id in: path description: The id of the integration. schema: type: string example: 12345 required: true x-sailpoint-resource-operation-id: getSIMIntegrations - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: details of the updated integration content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN get: tags: - SIM Integrations summary: Get a sim integration details. description: Get the details of a SIM integration. operationId: getSIMIntegration parameters: - name: id in: path description: The id of the integration. schema: type: string example: 12345 required: true x-sailpoint-resource-operation-id: getSIMIntegrations - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The DTO containing the details of the SIM integration content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN delete: tags: - SIM Integrations summary: Delete a sim integration description: Get the details of a SIM integration. operationId: deleteSIMIntegration parameters: - name: id description: The id of the integration to delete. in: path schema: type: string example: 12345 required: true x-sailpoint-resource-operation-id: getSIMIntegrations - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: No content response '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN patch: tags: - SIM Integrations summary: Patch a sim attribute. description: Patch a SIM attribute given a JsonPatch object. operationId: patchSIMAttributes requestBody: required: true description: The JsonPatch object that describes the changes of SIM content: application/json-patch+json: schema: $ref: '#/components/schemas/JsonPatch' parameters: - name: id description: SIM integration id in: path schema: type: string example: 12345 required: true x-sailpoint-resource-operation-id: getSIMIntegrations - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The updated DTO containing the details of the SIM integration. content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /sim-integrations/{id}/beforeProvisioningRule: patch: tags: - SIM Integrations summary: Patch a sim beforeprovisioningrule attribute. description: Patch a SIM beforeProvisioningRule attribute given a JsonPatch object. operationId: patchBeforeProvisioningRule requestBody: required: true description: The JsonPatch object that describes the changes of SIM beforeProvisioningRule. content: application/json-patch+json: schema: $ref: '#/components/schemas/JsonPatch' parameters: - name: id in: path description: SIM integration id schema: type: string example: 12345 required: true x-sailpoint-resource-operation-id: getSIMIntegrations - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: The updated DTO containing the details of the SIM integration. content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN /sim-integrations: get: tags: - SIM Integrations summary: List the existing sim integrations. description: List the existing SIM integrations. operationId: getSIMIntegrations responses: '200': description: The DTO containing the details of the SIM integration content: application/json: schema: type: array items: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:read - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true post: tags: - SIM Integrations summary: Create new sim integration description: Create a new SIM Integrations. operationId: createSIMIntegration requestBody: description: DTO containing the details of the SIM integration content: application/json: schema: $ref: '#/components/schemas/SimIntegrationDetails' required: true responses: '200': description: details of the created integration content: application/json: schema: $ref: '#/components/schemas/ServiceDeskIntegrationDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:service-desk-integration:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /sp-config/export: post: operationId: exportSpConfig security: - userAuth: - sp:config:read - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - SP-Config summary: Initiates configuration objects export job description: |- This post will export objects from the tenant to a JSON configuration file. For more information about the object types that currently support export functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/docs/extensibility/configuration-management/saas-configuration#supported-objects). requestBody: description: Export options control what will be included in the export. required: true content: application/json: schema: $ref: '#/components/schemas/ExportPayload' examples: Export all objects available: description: Export all object types available in IDN. value: description: Export all available objects excludeTypes: [] includeTypes: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - CONNECTOR_RULE - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW objectOptions: {} Export sources by ID: description: Export only sources that match the IDs specified in the export options. value: description: Export sources by ID excludeTypes: [] includeTypes: - SOURCE objectOptions: SOURCE: includedIds: - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 - be9p119e-90e1-49pk-ac9f-fa576e96c9e4 includedNames: [] Export transforms by name: description: Export only transforms that match the names specified in the export options. value: description: Export transforms by name excludeTypes: [] includeTypes: - TRANSFORM objectOptions: TRANSFORM: includedIds: [] includedNames: - Remove Diacritical Marks - Common - Location Lookup Export trigger subscriptions triggers and transforms with custom options: description: Export trigger subscriptions and transforms that match the export options. value: description: Export trigger subscriptions and transforms with custom filter options excludeTypes: [] includeTypes: - TRANSFORM - TRIGGER_SUBSCRIPTION objectOptions: TRANSFORM: includedIds: [] includedNames: - Remove Diacritical Marks - Common - Location Lookup TRIGGER_SUBSCRIPTION: includedIds: - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 - be9p119e-90e1-49pk-ac9f-fa576e96c9e4 includedNames: - 'NGROK Test: fire and forget' - Manager Certification responses: '202': description: Export job accepted and queued for processing. content: application/json: schema: $ref: '#/components/schemas/SpConfigExportJob' '400': description: | Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sp-config/export/{id}: get: operationId: getSpConfigExportStatus security: - userAuth: - sp:config:read - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - SP-Config summary: Get export job status description: |- This gets the status of the export job identified by the `id` parameter. The request will need one of the following security scopes: - sp:config:read - sp:config:manage parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: exportSpConfig description: The ID of the export job whose status will be returned. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Export job status successfully returned. content: application/json: schema: $ref: '#/components/schemas/SpConfigExportJobStatus' example: jobId: 1e824aa0-4c6e-4f14-95e9-e7dc5234aa51 status: COMPLETE type: EXPORT message: null description: Export Job 1 Test expiration: '2021-05-20T15:04:24Z' created: '2021-05-13T15:04:24.112Z' modified: '2021-05-13T15:04:27.363Z' completed: '2021-05-13T15:04:27.358Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sp-config/export/{id}/download: get: operationId: getSpConfigExport security: - userAuth: - sp:config:read - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - SP-Config summary: Download export job result. description: |- This endpoint gets the export file resulting from the export job with the requested `id` and downloads it to a file. The request will need one of the following security scopes: - sp:config:read - sp:config:manage parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: exportSpConfig description: The ID of the export job whose results will be downloaded. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Exported JSON objects. content: application/json: schema: $ref: '#/components/schemas/SpConfigExportResults' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sp-config/import: post: operationId: importSpConfig security: - userAuth: - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - SP-Config summary: Initiates configuration objects import job description: | This post will import objects from a JSON configuration file into a tenant. By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. The backup is provided so that the state of the configuration prior to the import is available for inspection or restore if needed. The backup can be skipped by setting "excludeBackup" to true in the import options. If a backup is performed, the id of the backup will be provided in the ImportResult as the "exportJobId". This can be downloaded using the `/sp-config/export/{exportJobId}/download` endpoint. You cannot currently import from the Non-Employee Lifecycle Management (NELM) source. You cannot use this endpoint to back up or store NELM data. For more information about the object types that currently support import functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/docs/extensibility/configuration-management/saas-configuration#supported-objects). parameters: - in: query name: preview schema: type: boolean default: false required: false description: | This option is intended to give the user information about how an import operation would proceed, without having any effect on the target tenant. If this parameter is "true", no objects will be imported. Instead, the import process will pre-process the import file and attempt to resolve references within imported objects. The import result file will contain messages pertaining to how specific references were resolved, any errors associated with the preprocessing, and messages indicating which objects would be imported. example: 'true' requestBody: description: "The form-data \"name\" attribute for the file content must be \"data\".\n\n__Example__\n\n data: \"config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json\",\n options: {\n \"excludeTypes\": [],\n \"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \"objectOptions\": {\n \"TRIGGER_SUBSCRIPTION\": {\n \"includedIds\": [ \"193446a1-c431-4326-8ba7-d6eebf922948\"],\n \"includedNames\":[]\n }\n },\n \"defaultReferences\": [\n {\n \"type\": \"TRIGGER_SUBSCRIPTION\",\n \"id\": \"be9e116d-08e1-49fc-ab7f-fa585e96c9e4\",\n \"name\": \"Test Trigger\"\n }\n ],\n \"excludeBackup\": false\n }\n\n__Sample Import File__\n\n {\n \t\"version\": 1,\n \t\"timestamp\": \"2021-05-10T15:19:23.425041-05:00\",\n \t\"tenant\": \"sampleTenant\",\n \t\"options\": {\n \t\t\"excludeTypes\": [],\n \t\t\"includeTypes\": [\"TRIGGER_SUBSCRIPTION\"],\n \t\t\"objectOptions\": null\n \t},\n \t\"objects\": [{\n \t\t\t\"version\": 1,\n \t\t\t\"self\": {\n \t\t\t\t\"type\": \"TRIGGER_SUBSCRIPTION\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"id\": \"193446a1-c431-4326-8ba7-d6eebf922948\"\n \t\t\t},\n \t\t\t\"object\": {\n \t\t\t\t\"type\": \"HTTP\",\n \t\t\t\t\"enabled\": true,\n \t\t\t\t\"httpConfig\": {\n \t\t\t\t\t\"url\": \"https://localhost\",\n \t\t\t\t\t\"httpAuthenticationType\": \"NO_AUTH\",\n \t\t\t\t\t\"basicAuthConfig\": null,\n \t\t\t\t\t\"bearerTokenAuthConfig\": null,\n \t\t\t\t\t\"httpDispatchMode\": \"SYNC\"\n \t\t\t\t},\n \t\t\t\t\"triggerName\": \"Access Request Submitted\",\n \t\t\t\t\"responseDeadline\": \"PT1H\",\n \t\t\t\t\"name\": \"test trigger\",\n \t\t\t\t\"triggerId\": \"idn:access-request-pre-approval\"\n \t\t\t}\n \t\t}\n \t]\n }\n" required: true content: multipart/form-data: schema: type: object properties: data: type: string format: binary description: JSON file containing the objects to be imported. options: $ref: '#/components/schemas/ImportOptions' required: - data example: data: config_export_0340b957-5caa-44f6-ada2-d3c4c5bd0b19.json options: excludeTypes: [] includeTypes: - TRIGGER_SUBSCRIPTION objectOptions: TRIGGER_SUBSCRIPTION: includedIds: - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 includedNames: - Lori Test 2 defaultReferences: - type: TRIGGER_SUBSCRIPTION id: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 name: Test Trigger excludeBackup: false responses: '202': description: Import job accepted and queued for processing. content: application/json: schema: $ref: '#/components/schemas/SpConfigJob' '400': description: | Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sp-config/import/{id}: get: operationId: getSpConfigImportStatus security: - userAuth: - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - SP-Config summary: Get import job status description: | 'This gets the status of the import job identified by the `id` parameter. For more information about the object types that currently support import functionality, refer to [SaaS Configuration](https://developer.sailpoint.com/docs/extensibility/configuration-management/saas-configuration#supported-objects).' parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: importSpConfig description: The ID of the import job whose status will be returned. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Import job status successfully returned. content: application/json: schema: $ref: '#/components/schemas/SpConfigImportJobStatus' example: jobId: 4fb10503-1c49-4603-8f8d-886e1f6aa47b status: COMPLETE type: IMPORT message: Download import results for details. description: null expiration: '2021-05-20T16:42:39Z' created: '2021-05-13T16:42:39.333Z' modified: '2021-05-13T16:42:40.71Z' completed: '2021-05-13T16:42:40.705Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sp-config/import/{id}/download: get: operationId: getSpConfigImport security: - userAuth: - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - SP-Config summary: Download import job result description: |- This gets import file resulting from the import job with the requested id and downloads it to a file. The downloaded file will contain the results of the import operation, including any error, warning or informational messages associated with the import. The request will need the following security scope: - sp:config:manage parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: importSpConfig description: The ID of the import job whose results will be downloaded. example: ef38f94347e94562b5bb8424a56397d8 responses: '200': description: Import results JSON object, containing detailed results of the import operation. content: application/json: schema: $ref: '#/components/schemas/SpConfigImportResults' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sp-config/config-objects: get: operationId: listSpConfigObjects security: - userAuth: - sp:config:read - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN tags: - SP-Config summary: List config objects description: Get a list of object configurations that the tenant export/import service knows. responses: '200': description: Object configurations returned successfully. content: application/json: schema: type: array items: $ref: '#/components/schemas/SpConfigObject' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/attribute-sync-config: get: operationId: getSourceAttrSyncConfig tags: - Sources summary: Attribute sync config description: This API returns the existing attribute synchronization configuration for a source specified by the given ID. The response contains all attributes, regardless of whether they enabled or not. security: - userAuth: - idn:attr-sync-source-config:read - idn:attr-sync-source-config:manage x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The source id example: 2c9180835d191a86015d28455b4a2329 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Attribute synchronization configuration for a source content: application/json: schema: $ref: '#/components/schemas/AttrSyncSourceConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' put: operationId: putSourceAttrSyncConfig tags: - Sources summary: Update attribute sync config description: | Replaces the attribute synchronization configuration for the source specified by the given ID with the configuration provided in the request body. Only the "enabled" field of the values in the "attributes" array is mutable. Attempting to change other attributes or add new values to the "attributes" array will result in an error. security: - userAuth: - idn:attr-sync-source-config:manage x-sailpoint-userLevels: - ORG_ADMIN parameters: - in: path name: id required: true x-sailpoint-resource-operation-id: listSources schema: type: string description: The source id example: 2c9180835d191a86015d28455b4a2329 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AttrSyncSourceConfig' responses: '200': description: Updated attribute synchronization configuration for a source content: application/json: schema: $ref: '#/components/schemas/AttrSyncSourceConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/synchronize-attributes: post: operationId: syncAttributesForSource tags: - Sources summary: Synchronize single source attributes. security: - userAuth: - idn:attr-sync-source-config:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN description: This end-point performs attribute synchronization for a selected source. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: The Source id - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '202': description: A Source Sync job content: application/json: schema: $ref: '#/components/schemas/SourceSyncJob' example: id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde status: IN_PROGRESS payload: type: SYNCHRONIZE_SOURCE_ATTRIBUTES dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /sources/{id}/entitlement-request-config: get: security: - userAuth: - idn:sources:read - idn:sources:manage - applicationAuth: - idn:sources:read - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN operationId: getSourceEntitlementRequestConfig summary: Get source entitlement request configuration tags: - Sources description: |- This API gets the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source. Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined. - During access request, this source-level entitlement request configuration overrides the global organization-level configuration. - However, the entitlement-level configuration (if defined) overrides this source-level configuration. responses: '200': description: Source Entitlement Request Configuration Details. content: application/json: schema: $ref: '#/components/schemas/SourceEntitlementRequestConfig' examples: Get default config: description: The default config for a source should look like the following where the empty approvalSchemes indicates that no approvals are required. value: accessRequestConfig: approvalSchemes: [] requestCommentRequired: false denialCommentRequired: false Get config with one approval: description: In case of a single approval, the config could look like the following. value: accessRequestConfig: approvalSchemes: - approverId: null approverType: SOURCE_OWNER requestCommentRequired: true denialCommentRequired: false Get config with multiple approvals: description: In case of multiple levels of approvals the config could look like the following. In this scenario, access request review process should go through all the approvers sequentially. value: accessRequestConfig: approvalSchemes: - approverId: null approverType: ENTITLEMENT_OWNER - approverId: null approverType: SOURCE_OWNER - approverId: 95e538a3-30c1-433a-af05-4bed973bbc22 approverType: GOVERNANCE_GROUP requestCommentRequired: true denialCommentRequired: false '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true put: security: - userAuth: - idn:sources:manage - applicationAuth: - idn:sources:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN operationId: updateSourceEntitlementRequestConfig summary: Update source entitlement request configuration tags: - Sources description: |- This API replaces the current entitlement request configuration for a source. This source-level configuration should apply for all the entitlements in the source. Access request to any entitlements in the source should follow this configuration unless a separate entitlement-level configuration is defined. - During access request, this source-level entitlement request configuration overrides the global organization-level configuration. - However, the entitlement-level configuration (if defined) overrides this source-level configuration. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceEntitlementRequestConfig' examples: Set config with no approvals: description: If no approvals are required, the following config can be set. value: accessRequestConfig: approvalSchemes: [] Set config with one approval: description: In case of single approval the following config can be set. value: accessRequestConfig: approvalSchemes: - approverType: SOURCE_OWNER requestCommentRequired: true denialCommentRequired: false Set config with multiple approvals: description: In case of multiple levels of approvals the following config can be set. In this scenario, access request review process should go through all the approvers sequentially. value: accessRequestConfig: approvalSchemes: - approverType: ENTITLEMENT_OWNER - approverType: SOURCE_OWNER - approverType: GOVERNANCE_GROUP approverId: 95e538a3-30c1-433a-af05-4bed973bbc22 requestCommentRequired: true denialCommentRequired: false responses: '200': description: Source Entitlement Request Configuration Details. content: application/json: schema: $ref: '#/components/schemas/SourceEntitlementRequestConfig' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /sources/{sourceId}/load-entitlements: post: tags: - Sources summary: Entitlement aggregation operationId: importEntitlements description: |- Starts an entitlement aggregation on the specified source. If the target source is a delimited file source, then the CSV file needs to be included in the request body. You will also need to set the Content-Type header to `multipart/form-data`. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. parameters: - in: path name: sourceId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Source Id example: ef38f94347e94562b5bb8424a56397d8 requestBody: content: multipart/form-data: schema: type: object properties: file: type: string format: binary description: The CSV file containing the source entitlements to aggregate. responses: '202': description: Aggregate Entitlements Task content: application/json: schema: $ref: '#/components/schemas/LoadEntitlementTask' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:entitlement:manage x-sailpoint-userLevels: - ORG_ADMIN /task-status/{id}: get: tags: - Task Management summary: Get task status by id description: Get task status by task ID. Types of tasks include account and entitlement aggregation and other general background processing tasks. Data for tasks older than 90 days will not be returned. operationId: getTaskStatus parameters: - name: id in: path description: Task ID. required: true x-sailpoint-resource-operation-id: getTaskStatusList example: 00eebcf881994e419d72e757fd30dc0e style: simple explode: false schema: type: string responses: '200': description: Responds with a TaskStatus for the task with the given task ID. content: application/json: schema: $ref: '#/components/schemas/TaskStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': description: Forbidden, generally due to a lack of security rights '404': description: TaskStatus with the given id was not found. '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:task-management:read - idn:task-management:write - applicationAuth: - idn:task-management:read - idn:task-management:write x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN patch: operationId: updateTaskStatus tags: - Task Management summary: Update task status by id description: Update a current task status by task ID. Use this API to clear a pending task by updating the completionStatus and completed attributes. parameters: - name: id in: path description: Task ID. example: 00eebcf881994e419d72e757fd30dc0e required: true x-sailpoint-resource-operation-id: getTaskStatusList style: simple explode: false schema: type: string requestBody: required: true description: The JSONPatch payload used to update the object. content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /completionStatus value: Error - op: replace path: /completed value: '2024-05-17 19:33:16.470000+00:00' responses: '200': description: This response indicates the PATCH operation succeeded, and the API returns the updated task object. content: application/json: schema: $ref: '#/components/schemas/TaskStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:task-management:write x-sailpoint-userLevels: - ORG_ADMIN - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /task-status: get: tags: - Task Management summary: Retrieve task status list description: | Use this endpoint to get a list of statuses for **completed** tasks. Types of tasks include account and entitlement aggregation and other general background processing tasks. Data for tasks older than 90 days will not be returned. To get a list of statuses for **in-progress** tasks, please use the [retrieve pending task status list](https://developer.sailpoint.com/docs/api/v2024/get-pending-tasks) endpoint. operationId: getTaskStatusList parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string example: completionStatus eq "Success" required: false description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **sourceId**: *eq, in* **completionStatus**: *eq, in* **type**: *eq, in* - in: query name: sorters schema: type: string format: comma-separated example: '-created' required: false description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **created** responses: '200': description: Responds with a TaskStatus for the task with the given task ID. content: application/json: schema: type: array items: $ref: '#/components/schemas/TaskStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:task-management:read - idn:task-management:write - applicationAuth: - idn:task-management:read - idn:task-management:write x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /task-status/pending-tasks: get: tags: - Task Management summary: Retrieve pending task status list description: | This API is being deprecated. Please use the [task-status-list](https://developer.sailpoint.com/docs/api/v2025/get-task-status-list) endpoint with isnull filtering on the completionStatus field to retrieve pending tasks. Example: /v2025/task-status?filters=completionStatus isnull Retrieve a list of statuses for pending tasks. Types of tasks include account and entitlement aggregation and other general background processing tasks. Data for tasks older than 90 days will not be returned. deprecated: true x-deprecated-description: | This API has been deprecated, please refer to [task-status-list](https://developer.sailpoint.com/docs/api/v2025/get-task-status-list) for the latest API. operationId: getPendingTasks parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' responses: '200': description: Responds with a list of TaskStatus for pending tasks. content: application/json: schema: type: array items: $ref: '#/components/schemas/TaskStatus' '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:task-management:read - idn:task-management:write - applicationAuth: - idn:task-management:read - idn:task-management:write x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN head: tags: - Task Management summary: Retrieve pending task list headers description: | This API is being deprecated. Please use the [task-status-list](https://developer.sailpoint.com/docs/api/v2025/get-task-status-list) endpoint with isnull filtering on the completionStatus field and count=true. Example: /v2025/task-status?count=true&filters=completionStatus isnull Responds with headers only for list of task statuses for pending tasks. deprecated: true x-deprecated-description: | This API has been deprecated, please refer to [task-status-list](https://developer.sailpoint.com/docs/api/v2025/get-task-status-list) for the latest API. operationId: getPendingTaskHeaders parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' responses: '200': description: Retrieve headers for a list of TaskStatus for pending tasks. '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:task-management:read - idn:task-management:write - applicationAuth: - idn:task-management:read - idn:task-management:write x-sailpoint-userLevels: - ORG_ADMIN - HELPDESK - CERT_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /tenant: get: operationId: getTenant tags: - Tenant summary: Get tenant information. description: This rest endpoint can be used to retrieve tenant details. security: - userAuth: - sp:tenant:read x-sailpoint-userLevels: - Any responses: '200': description: Tenant Info content: application/json: schema: $ref: '#/components/schemas/Tenant' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /tenant-context: get: summary: Retrieve tenant context tags: - Tenant Context description: | Returns a list of key-value pairs representing the current state of the tenant's context. parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - idn:tenant-context:read - applicationAuth: - idn:tenant-context:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN operationId: getTenantContext responses: '200': description: Successfully retrieved tenant context. content: application/json: schema: type: array items: type: object properties: key: type: string value: type: string example: - key: IAS value: International Accounting Standards '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: summary: Update tenant context tags: - Tenant Context description: | Allows the user to make incremental updates to tenant context records using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. This endpoint is specifically designed to modify the `/Key/*` field, supporting operations such as `add`, `remove`, or `replace` to manage key-value pairs. Note that each tenant is limited to a maximum of 100 key-value pairs. parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - idn:tenant-context:write - applicationAuth: - idn:tenant-context:write x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN operationId: patchTenantContext requestBody: content: application/json-patch+json: schema: $ref: '#/components/schemas/JsonPatchOperation' examples: Multiple operations in one call: description: This example shows how multiple context keys may be updated with a single patch call. value: - op: add path: /Key/IAS value: Integrated Automation System - op: replace path: /Key/IAS value: International Accounting Standards - op: remove path: /Key/NDR Add a single context: description: This example shows how a single context may be created with a single patch call. value: - op: add path: /Key/IAS value: Integrated Automation System Update a single context: description: This example shows how a single context may be updated with a single patch call. value: - op: replace path: /Key/IAS value: International Accounting Standards Remove a single context: description: This example shows how a single context may be removed with a single patch call. value: - op: remove path: /Key/IAS required: true responses: '200': description: Tenant context updated successfully. '400': description: Bad request due to invalid input parameters. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: incorrectPath: summary: Invalid path example value: detailCode: Bad Request trackingId: e9eaaeac516643ffa087cc476e7577c5 messages: - locale: en-US localeOrigin: DEFAULT text: 'invalid patch request: field not patchable or does not contain key (/InvalidPath/IAS)' invalidOperation: summary: Invalid operation example value: detailCode: Bad Request trackingId: 39cfb6a29d5a4522954d72124545d3c5 messages: - locale: en-US localeOrigin: DEFAULT text: 'invalid patch request: operation not allowed (move)' noKeyInPath: summary: No key in path example value: detailCode: Bad Request trackingId: 6d3bdd67ac8a4382884875ed4abf1f13 messages: - locale: en-US localeOrigin: DEFAULT text: 'invalid patch request: field not patchable or does not contain key (/Key/)' capacityExceeded: summary: Capacity exceeded example value: detailCode: Bad Request trackingId: bd51a5e2f4ee4d5aa65ac2f7cd3c2445 messages: - locale: en-US localeOrigin: DEFAULT text: 'unable to fulfill patch request: max tenant context capacity exceeded by 5 key/value pair(s)' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /triggers: get: operationId: listTriggers tags: - Triggers summary: List triggers description: Gets a list of triggers that are available in the tenant. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, ge, le* example: id eq "idn:access-request-post-approval" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name** example: name - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of triggers. content: application/json: schema: type: array items: $ref: '#/components/schemas/Trigger' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-subscriptions:read - applicationAuth: - sp:trigger-service-subscriptions:read /trigger-subscriptions: post: operationId: createSubscription tags: - Triggers summary: Create a subscription description: |- This API creates a new subscription to a trigger and defines trigger invocation details. The type of subscription determines which config object is required: * HTTP subscriptions require httpConfig * EventBridge subscriptions require eventBridgeConfig requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SubscriptionPostRequest' examples: HTTP Subscription: value: name: Access request subscription description: Access requested to site xyz triggerId: idn:access-requested type: HTTP httpConfig: url: https://www.example.com httpDispatchMode: SYNC httpAuthenticationType: BASIC_AUTH basicAuthConfig: userName: user@example.com password: eRtg4%6yuI! enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] HTTP Async Subscription: value: name: Access request subscription description: Access requested to site xyz triggerId: idn:access-requested type: HTTP responseDeadline: PT1H httpConfig: url: https://www.example.com httpDispatchMode: ASYNC httpAuthenticationType: BASIC_AUTH basicAuthConfig: userName: user@example.com password: eRtg4%6yuI! enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] EventBridge Subscription: value: name: Access request subscription description: Access requested to site xyz triggerId: idn:access-requested type: EVENTBRIDGE eventBridgeConfig: awsAccount: '123456789012' awsRegion: us-west-1 enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] responses: '201': description: New subscription to a trigger. The trigger can now be invoked by the method defined in the subscription. content: application/json: schema: $ref: '#/components/schemas/Subscription' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-subscriptions:manage - applicationAuth: - sp:trigger-service-subscriptions:manage parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true get: operationId: listSubscriptions tags: - Triggers summary: List subscriptions description: Gets a list of all trigger subscriptions. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query required: false name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* **triggerId**: *eq* **type**: *eq, le* example: id eq "12cff757-c0c0-413b-8ad7-2a47956d1e89" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **triggerId, triggerName** example: triggerName - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of subscriptions. content: application/json: schema: type: array items: $ref: '#/components/schemas/Subscription' examples: HTTP Subscription: value: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Access request subscription description: Access requested to site xyz triggerId: idn:access-requested triggerName: Access Requested type: HTTP httpConfig: url: https://www.example.com httpDispatchMode: SYNC httpAuthenticationType: BASIC_AUTH basicAuthConfig: userName: user@example.com password: null enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] HTTP Async Subscription: value: name: Access request subscription description: Access requested to site xyz triggerId: idn:access-requested triggerName: Access Requested type: HTTP responseDeadline: PT1H httpConfig: url: https://www.example.com httpDispatchMode: ASYNC httpAuthenticationType: BASIC_AUTH basicAuthConfig: userName: user@example.com password: null enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] EventBridge Subscription: value: - id: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: Access request subscription description: Access requested to site xyz triggerId: idn:access-requested triggerName: Access Requested type: EVENTBRIDGE eventBridgeConfig: awsAccount: '123456789012' awsRegion: us-west-1 enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-subscriptions:read - sp:trigger-service-subscriptions:manage - applicationAuth: - sp:trigger-service-subscriptions:read - sp:trigger-service-subscriptions:manage /trigger-subscriptions/{id}: put: operationId: updateSubscription tags: - Triggers summary: Update a subscription description: |- This API updates a trigger subscription in IdentityNow, using a full object representation. In other words, the existing Subscription is completely replaced. The following fields are immutable: * id * triggerId Attempts to modify these fields result in 400. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSubscriptions description: Subscription ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SubscriptionPutRequest' examples: HTTP Subscription: value: name: Access request subscription description: Access requested to site xyz type: HTTP httpConfig: url: https://www.example.com httpDispatchMode: SYNC httpAuthenticationType: BASIC_AUTH basicAuthConfig: userName: user@example.com password: eRtg4%6yuI! enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] HTTP Async Subscription: value: name: Access request subscription description: Access requested to site xyz type: HTTP responseDeadline: PT1H httpConfig: url: https://www.example.com httpDispatchMode: ASYNC httpAuthenticationType: BASIC_AUTH basicAuthConfig: userName: user@example.com password: eRtg4%6yuI! enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] EventBridge Subscription: value: name: Access request subscription description: Access requested to site xyz type: EVENTBRIDGE eventBridgeConfig: awsAccount: '123456789012' awsRegion: us-west-1 enabled: true filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] responses: '200': description: Updated subscription. content: application/json: schema: $ref: '#/components/schemas/Subscription' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-subscriptions:manage - applicationAuth: - sp:trigger-service-subscriptions:manage patch: operationId: patchSubscription tags: - Triggers summary: Patch a subscription description: |- This API updates a trigger subscription in IdentityNow, using a set of instructions to modify a subscription partially. The following fields are patchable: **name**, **description**, **enabled**, **type**, **filter**, **responseDeadline**, **httpConfig**, **eventBridgeConfig**, **workflowConfig** parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSubscriptions description: ID of the Subscription to patch example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json-patch+json: schema: $ref: '#/components/schemas/SubscriptionPatchRequest' responses: '200': description: Updated subscription. content: application/json: schema: $ref: '#/components/schemas/Subscription' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-subscriptions:manage - applicationAuth: - sp:trigger-service-subscriptions:manage delete: operationId: deleteSubscription tags: - Triggers summary: Delete a subscription description: Deletes an existing subscription to a trigger. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listSubscriptions description: Subscription ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': $ref: '#/components/responses/204' description: Subscription is deleted successfully. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-subscriptions:manage - applicationAuth: - sp:trigger-service-subscriptions:manage /trigger-subscriptions/validate-filter: post: operationId: testSubscriptionFilter tags: - Triggers summary: Validate a subscription filter description: |- Validates a JSONPath filter expression against a provided mock input. Request requires a security scope of: requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ValidateFilterInputDto' required: - input - filter example: input: identityId: 201327fda1c44704ac01181e963d463c filter: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] responses: '200': description: Boolean whether specified filter expression is valid against the input. content: application/json: schema: $ref: '#/components/schemas/ValidateFilterOutputDto' example: isValid: true isValidJSONPath: true isPathExist: true '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-subscriptions:manage - applicationAuth: - sp:trigger-service-subscriptions:manage parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /trigger-invocations/status: get: operationId: listTriggerInvocationStatus tags: - Triggers summary: List latest invocation statuses description: |- Gets a list of latest invocation statuses. Statuses of successful invocations are available for up to 24 hours. Statuses of failed invocations are available for up to 48 hours. This endpoint may only fetch up to 2000 invocations, and should not be treated as a representation of the full history of invocations. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters required: false schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **triggerId**: *eq* **subscriptionId**: *eq* example: triggerId eq "idn:access-request-dynamic-approver" - in: query name: sorters required: false schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **triggerId, subscriptionName, created, completed** example: created - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of latest invocation statuses. content: application/json: schema: type: array items: $ref: '#/components/schemas/InvocationStatus' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-invocation-status:read - sp:trigger-service-invocation-status:manage - applicationAuth: - sp:trigger-service-invocation-status:read - sp:trigger-service-invocation-status:manage /trigger-invocations/{id}/complete: post: operationId: completeTriggerInvocation tags: - Triggers summary: Complete trigger invocation description: Completes an invocation to a REQUEST_RESPONSE type trigger. parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listTriggerInvocationStatus description: The ID of the invocation to complete. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CompleteInvocation' example: secret: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde output: approved: false responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /trigger-invocations/test: post: operationId: startTestTriggerInvocation tags: - Triggers summary: Start a test invocation description: Initiate a test event for all subscribers of the specified event trigger. If there are no subscribers to the specified trigger in the tenant, then no test event will be sent. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TestInvocation' examples: Test Trigger with Mock Input: value: triggerId: idn:access-requested input: identityId: 201327fda1c44704ac01181e963d463c contentJson: workflowId: 1234 Send Test to only One Subscriber: value: triggerId: idn:access-requested contentJson: workflowId: 1234 subscriptionIds: - 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde responses: '200': description: Test trigger invocations that have been started for specified subscription(s). content: application/json: schema: type: array items: $ref: '#/components/schemas/Invocation' '204': $ref: '#/components/responses/204' description: Trigger invocation is skipped, because tenant has not subscribed to the specified trigger. '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - sp:trigger-service-invocation-status:manage - applicationAuth: - sp:trigger-service-invocation-status:manage parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /ui-metadata/tenant: get: operationId: getTenantUiMetadata tags: - UI Metadata summary: Get a tenant ui metadata description: This API endpoint retrieves UI metadata configured for your tenant. security: - userAuth: - idn:ui-access-metadata-page:read - applicationAuth: - idn:ui-access-metadata-page:read x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: A tenant UI metadata object content: application/json: schema: $ref: '#/components/schemas/TenantUiMetadataItemResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true put: operationId: setTenantUiMetadata tags: - UI Metadata summary: Update tenant ui metadata description: This API endpoint updates UI metadata for your tenant. These changes may require up to 5 minutes to take effect on the UI. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/TenantUiMetadataItemUpdateRequest' security: - userAuth: - idn:ui-access-metadata-page:manage x-sailpoint-userLevels: - ORG_ADMIN responses: '200': description: A tenant UI metadata object content: application/json: schema: $ref: '#/components/schemas/TenantUiMetadataItemResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /verified-from-addresses: get: operationId: listFromAddresses tags: - Notifications summary: List from addresses description: Retrieve a list of sender email addresses and their verification statuses parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **email**: *eq, ge, le, sw* example: email eq "john.doe@company.com" - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **email** example: email - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of Email Status content: application/json: schema: type: array items: $ref: '#/components/schemas/EmailStatusDto' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createVerifiedFromAddress tags: - Notifications summary: Create verified from address description: Create a new sender email address and initiate verification process. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/EmailStatusDto' example: email: sender@example.com responses: '201': description: New Verified Email Status content: application/json: schema: $ref: '#/components/schemas/EmailStatusDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /verified-from-addresses/{id}: delete: operationId: deleteVerifiedFromAddress tags: - Notifications summary: Delete verified from address description: Delete a verified sender email address parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listFromAddresses - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /verified-domains: get: security: - userAuth: - sp:notification-dkim-attributes:read operationId: getDkimAttributes tags: - Notifications summary: Get dkim attributes description: Retrieve DKIM (DomainKeys Identified Mail) attributes for all your tenants' AWS SES identities. Limits retrieval to 100 identities per call. responses: '200': description: List of DKIM Attributes content: application/json: schema: type: array items: $ref: '#/components/schemas/DkimAttributes' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true post: security: - userAuth: - sp:notification-verify-domain-dkim:write operationId: createDomainDkim tags: - Notifications summary: Verify domain address via dkim description: Create a domain to be verified via DKIM (DomainKeys Identified Mail) requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/DomainAddress' responses: '200': description: List of DKIM tokens required for the verification process. content: application/json: schema: $ref: '#/components/schemas/DomainStatusDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '405': $ref: '#/components/responses/405' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /workgroups: get: operationId: listWorkgroups tags: - Governance Groups summary: List governance groups description: This API returns list of Governance Groups parameters: - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **name**: *eq, sw, in* **memberships.identityId**: *eq, in* example: name sw "Test" required: false - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified, id, description** example: name,-modified required: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of Governance Groups content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkgroupDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:workgroup:read - idn:workgroup:manage - applicationAuth: - idn:workgroup:read - idn:workgroup:manage post: operationId: createWorkgroup security: - userAuth: - idn:workgroup:manage - applicationAuth: - idn:workgroup:manage tags: - Governance Groups summary: Create a new governance group. description: This API creates a new Governance Group. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WorkgroupDto' responses: '200': description: Governance Group object created. content: application/json: schema: $ref: '#/components/schemas/WorkgroupDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /workgroups/{id}: get: operationId: getWorkgroup tags: - Governance Groups summary: Get governance group by id description: This API returns a Governance Groups by its ID. parameters: - in: path name: id required: true schema: type: string description: ID of the Governance Group example: 2c9180837ca6693d017ca8d097500149 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: A Governance Group content: application/json: schema: $ref: '#/components/schemas/WorkgroupDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:workgroup:read - idn:workgroup:manage - applicationAuth: - idn:workgroup:read - idn:workgroup:manage x-sailpoint-userLevels: - ORG_ADMIN delete: operationId: deleteWorkgroup tags: - Governance Groups summary: Delete a governance group description: This API deletes a Governance Group by its ID. parameters: - in: path name: id required: true schema: type: string description: ID of the Governance Group example: 2c9180837ca6693d017ca8d097500149 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:workgroup:manage - applicationAuth: - idn:workgroup:manage x-sailpoint-userLevels: - ORG_ADMIN patch: operationId: patchWorkgroup tags: - Governance Groups summary: Patch a governance group description: |- This API updates an existing governance group by ID. The following fields and objects are patchable: * name * description * owner parameters: - in: path name: id required: true schema: type: string description: ID of the Governance Group example: 2c9180837ca6693d017ca8d097500149 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' examples: Replace Description: description: Replace description of a Governance Group. value: - op: replace path: /description value: Governance Group new description. responses: '200': description: A Governance Group. content: application/json: schema: $ref: '#/components/schemas/WorkgroupDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:workgroup:manage - applicationAuth: - idn:workgroup:manage x-sailpoint-userLevels: - ORG_ADMIN /workgroups/bulk-delete: post: operationId: deleteWorkgroupsInBulk summary: Delete governance group(s) tags: - Governance Groups description: |- This API initiates a bulk deletion of one or more Governance Groups. > If any of the indicated Governance Groups have one or more connections associated with it,then those Governance Groups will be added in **inUse** list of the response. Governance Group(s) marked as **inUse** can not be deleted. > If any of the indicated Governance Groups is not does not exists in Organization,then those Governance Groups will be added in **notFound** list of the response. Governance Groups marked as **notFound** will not be deleted. > If any of the indicated Governance Groups does not have any connections associated with it,then those Governance Groups will be added in **deleted** list of the response. A Governance Group marked as **deleted** will be deleted from current Organization. > If the request contains any **inUse** or **notFound** Governance Group IDs then it skips only these Governance Groups for deletion and deletes the rest of Governance Groups which have no connections associated with it. > **This API has limit number of Governance Groups can be deleted at one time. If the request contains more then 100 Governance Groups IDs to be deleted then the API will throw an exception.** requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/WorkgroupBulkDeleteRequest' example: ids: - 567a697e-885b-495a-afc5-d55e1c23a302 - c7b0f7b2-1e78-4063-b294-a555333dacd2 responses: '207': description: Governance Group bulk delete response. content: application/json: schema: $ref: '#/components/schemas/WorkgroupBulkDeleteResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:workgroup:manage - applicationAuth: - idn:workgroup:manage parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true /workgroups/{workgroupId}/connections: get: operationId: listConnections tags: - Governance Groups summary: List connections for governance group description: This API returns list of connections associated with a Governance Group. parameters: - name: workgroupId in: path description: ID of the Governance Group. required: true schema: type: string example: 2c91808a7813090a017814121919ecca - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List all connections associated with a Governance Group. content: application/json: schema: type: array items: $ref: '#/components/schemas/WorkgroupConnectionDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:workgroup:read - idn:workgroup:manage - applicationAuth: - idn:workgroup:read - idn:workgroup:manage /workgroups/{workgroupId}/members: get: operationId: listWorkgroupMembers tags: - Governance Groups summary: List governance group members description: This API returns list of members associated with a Governance Group. parameters: - name: workgroupId in: path description: ID of the Governance Group. required: true schema: type: string example: 2c91808a7813090a017814121919ecca - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/limit50' - $ref: '#/components/parameters/count' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List all members associated with a Governance Group. content: application/json: schema: type: array items: type: object description: Identity of workgroup member. properties: type: type: string description: Workgroup member identity DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Workgroup member identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Workgroup member identity display name. example: Michael Michaels email: type: string description: Workgroup member identity email. example: michael.michaels@sailpoint.com '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:workgroup:read - idn:workgroup:manage - applicationAuth: - idn:workgroup:read - idn:workgroup:manage /workgroups/{workgroupId}/members/bulk-add: post: operationId: updateWorkgroupMembers security: - userAuth: - idn:workgroup:write - applicationAuth: - idn:workgroup:write tags: - Governance Groups summary: Add members to governance group description: |- This API adds one or more members to a Governance Group. A token with API, ORG_ADMIN authority is required to call this API. > **Following field of Identity is an optional field in the request.** > **name** parameters: - name: workgroupId in: path description: ID of the Governance Group. required: true schema: type: string example: 2c91808a7813090a017814121919ecca - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: description: List of identities to be added to a Governance Group members list. required: true content: application/json: schema: $ref: '#/components/schemas/BulkWorkgroupMembersRequest' responses: '207': description: List of added and not added identities into Governance Group members list. content: application/json: schema: $ref: '#/components/schemas/WorkgroupMemberBulkAddResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /workgroups/{workgroupId}/members/bulk-delete: post: operationId: deleteWorkgroupMembers security: - userAuth: - idn:workgroup:write - applicationAuth: - idn:workgroup:write x-sailpoint-userLevels: - ORG_ADMIN tags: - Governance Groups summary: Remove members from governance group description: |- This API removes one or more members from a Governance Group. A > **Following field of Identity is an optional field in the request.** > **name** parameters: - name: workgroupId in: path description: ID of the Governance Group. required: true schema: type: string example: 2c91808a7813090a017814121919ecca - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: description: List of identities to be removed from a Governance Group members list. required: true content: application/json: schema: $ref: '#/components/schemas/BulkWorkgroupMembersRequest' responses: '207': description: List of deleted and not deleted identities from Governance Group members list. content: application/json: schema: $ref: '#/components/schemas/WorkgroupMemberBulkDeleteResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /form-definitions: get: tags: - Custom Forms summary: Export form definitions by tenant. description: No parameters required. operationId: searchFormDefinitionsByTenant parameters: - name: offset in: query description: |- Offset Integer specifying the offset of the first result from the beginning of the collection. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). The offset value is record-based, not page-based, and the index starts at 0. schema: type: integer format: int64 default: 0 x-go-name: Offset example: 250 required: false x-go-name: Offset - name: limit in: query description: |- Limit Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). If it is not specified, a default limit is used. schema: type: integer format: int64 maxLength: 250 minLength: 0 default: 250 x-go-name: Limit example: 250 required: false x-go-name: Limit - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *eq, gt, sw, in* **description**: *eq, gt, sw, in* **created**: *eq, gt, sw, in* **modified**: *eq, gt, sw, in* schema: type: string x-go-name: Filters example: name sw "my form" required: false x-go-name: Filters - name: sorters in: query description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, description, created, modified** schema: type: string default: name x-go-name: Sorters example: name required: false x-go-name: Sorters responses: '200': description: Returns a list of form definitions by tenant content: application/json: schema: $ref: '#/components/schemas/ListFormDefinitionsByTenantResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:read - sp:forms:manage x-sailpoint-userLevels: - ORG_ADMIN post: tags: - Custom Forms summary: Creates a form definition. operationId: createFormDefinition requestBody: description: Body is the request payload to create form definition request content: application/json: schema: $ref: '#/components/schemas/CreateFormDefinitionRequest' example: name: my form description: my form description owner: type: IDENTITY id: 00000000-0000-0000-0000-000000000000 formElements: - id: '000000000000' elementType: SECTION config: alignment: LEFT description: elementType must be 'SECTION' for the root formElements, child formElements must be within the 'config' attribute label: Section labelStyle: h2 showLabel: true formElements: - id: '0000000000000' key: textField elementType: TEXT config: default: '' description: '' helpText: form element type text label: Text Field placeholder: '' required: false validations: [] required: false responses: '201': description: Returns a new form definition content: application/json: schema: $ref: '#/components/schemas/FormDefinitionResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:manage x-sailpoint-userLevels: - ORG_ADMIN x-codegen-request-body-name: Body /form-definitions/{formDefinitionID}: get: tags: - Custom Forms summary: Return a form definition. description: Parameter `{formDefinitionID}` should match a form definition ID. operationId: getFormDefinitionByKey parameters: - name: formDefinitionID in: path description: Form definition ID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant schema: type: string x-go-name: FormDefinitionID example: 00000000-0000-0000-0000-000000000000 x-go-name: FormDefinitionID responses: '200': description: Returns a form definition content: application/json: schema: $ref: '#/components/schemas/FormDefinitionResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:read - sp:forms:manage delete: tags: - Custom Forms summary: Deletes a form definition. description: Parameter `{formDefinitionID}` should match a form definition ID. operationId: deleteFormDefinition parameters: - name: formDefinitionID in: path description: Form definition ID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant schema: type: string x-go-name: FormDefinitionID example: 00000000-0000-0000-0000-000000000000 x-go-name: FormDefinitionID responses: '204': description: Returns an empty body content: application/json: schema: $ref: '#/components/schemas/Nil' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:manage patch: tags: - Custom Forms summary: Patch a form definition. description: Parameter `{formDefinitionID}` should match a form definition ID. operationId: patchFormDefinition parameters: - name: formDefinitionID in: path description: Form definition ID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant schema: type: string x-go-name: FormDefinitionID example: 00000000-0000-0000-0000-000000000000 x-go-name: FormDefinitionID requestBody: description: 'Body is the request payload to patch a form definition, check: https://jsonpatch.com' content: application/json: schema: $ref: '#/components/schemas/Patch' example: - op: replace path: /description value: test-description required: false responses: '200': description: Returns the form definition updated content: application/json: schema: $ref: '#/components/schemas/FormDefinitionResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:manage x-codegen-request-body-name: Body /form-definitions/{formDefinitionID}/data-source: post: tags: - Custom Forms summary: Preview form definition data source. operationId: showPreviewDataSource parameters: - name: formDefinitionID in: path description: Form definition ID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant schema: type: string x-go-name: FormDefinitionID example: 00000000-0000-0000-0000-000000000000 x-go-name: FormDefinitionID - name: limit in: query description: |- Limit Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). If it is not specified, a default limit is used. schema: type: integer format: int64 maxLength: 250 minLength: 0 default: 10 x-go-name: Limit example: 10 required: false x-go-name: Limit - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **value**: *eq, ne, in* Supported composite operators: *not* Only a single *not* may be used, and it can only be used with the `in` operator. The `not` composite operator must be used in front of the field. For example, the following is valid: `not value in ("ID01")` schema: type: string x-go-name: Filters example: value eq "ID01" required: false x-go-name: Filters - name: query in: query description: String that is passed to the underlying API to filter other (non-ID) fields. For example, for access profile data sources, this string will be passed to the access profile api and used with a "starts with" filter against several fields. schema: type: string x-go-name: Query example: ac required: false x-go-name: Query requestBody: description: Body is the request payload to create a form definition dynamic schema content: application/json: schema: $ref: '#/components/schemas/FormElementPreviewRequest' required: false responses: '200': description: Returns a preview of a form definition data source content: application/json: schema: $ref: '#/components/schemas/PreviewDataSourceResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:read - sp:forms:manage /form-definitions/export: get: tags: - Custom Forms summary: List form definitions by tenant. description: No parameters required. operationId: exportFormDefinitionsByTenant parameters: - name: offset in: query description: |- Offset Integer specifying the offset of the first result from the beginning of the collection. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). The offset value is record-based, not page-based, and the index starts at 0. schema: type: integer format: int64 default: 0 minimum: 0 x-go-name: Offset example: 0 required: false x-go-name: Offset - name: limit in: query description: |- Limit Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). If it is not specified, a default limit is used. schema: type: integer format: int64 minimum: 0 maximum: 250 default: 250 x-go-name: Limit example: 250 required: false x-go-name: Limit - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *eq, gt, sw, in* **description**: *eq, gt, sw, in* **created**: *eq, gt, sw, in* **modified**: *eq, gt, sw, in* schema: type: string x-go-name: Filters example: name sw "my form" required: false x-go-name: Filters - name: sorters in: query description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, description, created, modified** schema: type: string default: name x-go-name: Sorters example: name required: false x-go-name: Sorters responses: '200': description: Returns a list of form definition objects by tenant used by SP-Config content: application/json: schema: type: array items: type: object properties: object: $ref: '#/components/schemas/FormDefinitionResponse' self: type: object properties: object: $ref: '#/components/schemas/FormDefinitionSelfImportExportDto' x-go-name: Self version: type: integer format: int32 x-go-name: Version '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:config:read - sp:forms:manage - sp:config:manage x-sailpoint-userLevels: - ORG_ADMIN /form-definitions/forms-action-dynamic-schema: post: tags: - Custom Forms summary: Generate json schema dynamically. operationId: createFormDefinitionDynamicSchema requestBody: description: Body is the request payload to create a form definition dynamic schema content: application/json: schema: $ref: '#/components/schemas/FormDefinitionDynamicSchemaRequest' example: id: sp:forms attributes: formDefinitionId: 00000000-0000-0000-0000-000000000000 description: AnotherDescription type: action versionNumber: 1 required: false responses: '200': description: Returns a form elements dynamic schema content: application/json: schema: $ref: '#/components/schemas/FormDefinitionDynamicSchemaResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:read - sp:forms:manage x-codegen-request-body-name: Body /form-definitions/import: post: tags: - Custom Forms summary: Import form definitions from export. operationId: importFormDefinitions requestBody: description: Body is the request payload to import form definitions content: application/json: schema: type: array items: type: object properties: object: $ref: '#/components/schemas/FormDefinitionResponse' self: type: string x-go-name: Self version: type: integer format: int32 x-go-name: Version example: - version: 1 self: name: All fields not required id: 05ed4edb-d0a9-41d9-ad0c-2f6e486ec4aa type: FORM_DEFINITION object: id: 05ed4edb-d0a9-41d9-ad0c-2f6e486ec4aa name: All fields not required description: description owner: type: IDENTITY id: 3447d8ec2602455ab6f1e8408a0f0150 usedBy: - type: WORKFLOW id: 5008594c-dacc-4295-8fee-41df60477304 - type: WORKFLOW id: 97e75a75-c179-4fbc-a2da-b5fa4aaa8743 formInput: - type: STRING label: input1 description: A single dynamic scalar value (i.e. number, string, date, etc) that can be passed into the form for use in conditional logic formElements: - id: '3069272797630701' elementType: SECTION config: label: First Section formElements: - id: '3069272797630700' elementType: TEXT key: firstName config: label: First Name - id: '3498415402897539' elementType: TEXT key: lastName config: label: Last Name formConditions: - ruleOperator: AND rules: - sourceType: INPUT source: Department operator: EQ valueType: STRING value: Sales effects: - effectType: HIDE config: element: '2614088730489570' created: '2022-10-04T19:27:04.456Z' modified: '2022-11-16T20:45:02.172Z' required: false responses: '202': description: Returns statuses of those form definition objects imported content: application/json: schema: type: object properties: errors: type: array items: type: object properties: detail: type: object additionalProperties: type: object x-go-name: Detail key: type: string x-go-name: Key text: type: string x-go-name: Text x-go-name: Errors importedObjects: type: array items: type: object properties: object: $ref: '#/components/schemas/FormDefinitionResponse' self: type: string x-go-name: Self version: type: integer format: int32 x-go-name: Version x-go-name: ImportedObjects infos: type: array items: type: object properties: detail: type: object additionalProperties: type: object x-go-name: Detail key: type: string x-go-name: Key text: type: string x-go-name: Text x-go-name: Infos warnings: type: array items: type: object properties: detail: type: object additionalProperties: type: object x-go-name: Detail key: type: string x-go-name: Key text: type: string x-go-name: Text x-go-name: Warnings '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:manage - sp:config:manage x-codegen-request-body-name: Body /form-definitions/{formDefinitionID}/upload: post: tags: - Custom Forms summary: Upload new form definition file. description: Parameter `{formDefinitionID}` should match a form definition ID. operationId: createFormDefinitionFileRequest parameters: - name: formDefinitionID in: path description: |- FormDefinitionID String specifying FormDefinitionID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant example: 00000000-0000-0000-0000-000000000000 schema: type: string x-go-name: FormDefinitionID x-go-name: FormDefinitionID requestBody: content: multipart/form-data: schema: type: object required: - file properties: file: type: string description: File specifying the multipart format: binary x-go-name: File encoding: file: contentType: image/png, image/jpeg required: true responses: '201': description: Returns a new form definition file content: application/json: schema: $ref: '#/components/schemas/FormDefinitionFileUploadResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '413': description: An error with payload size too large content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '415': description: An error with unsupported media type content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '503': description: An external service is not available content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:manage x-codegen-request-body-name: Body /form-definitions/{formDefinitionID}/file/{fileID}: get: tags: - Custom Forms summary: Download definition file by fileid. operationId: getFileFromS3 parameters: - name: formDefinitionID in: path description: |- FormDefinitionID Form definition ID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant example: 00000000-0000-0000-0000-000000000000 schema: type: string x-go-name: FormDefinitionID x-go-name: FormDefinitionID - name: fileID in: path description: |- FileID String specifying the hashed name of the uploaded file we are retrieving. required: true x-sailpoint-resource-operation-id: createFormDefinitionFileRequest example: 00000031N0J7R2B57M8YG73J7M.png schema: type: string x-go-name: FileID x-go-name: FileID responses: '200': description: Returns a file that is referred to by fileID and associated with the formDefinitionID content: application/json: schema: type: string format: binary image/jpeg: schema: type: string format: binary image/png: schema: type: string format: binary application/octet-stream: schema: type: string format: binary '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '503': description: An external service is not available content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:read - sp:forms:manage x-codegen-request-body-name: Body /form-instances: get: x-sailpoint-userLevels: - ORG_ADMIN tags: - Custom Forms summary: List form instances by tenant. description: Returns a list of form instances for the tenant. Optionally filter by form definition ID. operationId: searchFormInstancesByTenant parameters: - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **formDefinitionId**: *eq* example: formDefinitionId eq "351c1daa-56f6-4bbf-b32c-49844c0b716e" required: false responses: '200': description: Returns a list of form instances by tenant content: application/json: schema: type: array items: $ref: '#/components/schemas/ListFormInstancesByTenantResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:read - sp:forms:manage post: x-sailpoint-userLevels: - ORG_ADMIN tags: - Custom Forms summary: Creates a form instance. operationId: createFormInstance requestBody: description: Body is the request payload to create a form instance content: application/json: schema: $ref: '#/components/schemas/CreateFormInstanceRequest' example: expire: '2023-06-20T15:57:55.332882Z' formDefinitionId: 00000000-0000-0000-0000-000000000000 recipients: - type: IDENTITY id: an-identity-id createdBy: type: WORKFLOW_EXECUTION id: a-workflow-execution-id required: false responses: '201': description: Returns a new form instance content: application/json: schema: $ref: '#/components/schemas/FormInstanceResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:manage x-codegen-request-body-name: Body /form-instances/{formInstanceID}: get: tags: - Custom Forms summary: Returns a form instance. description: Parameter `{formInstanceID}` should match a form instance ID. operationId: getFormInstanceByKey parameters: - name: formInstanceID in: path description: Form instance ID required: true x-sailpoint-resource-operation-id: searchFormInstancesByTenant schema: type: string x-go-name: FormInstanceID example: 00000000-0000-0000-0000-000000000000 x-go-name: FormInstanceID responses: '200': description: Returns a form instance by its key content: application/json: schema: $ref: '#/components/schemas/FormInstanceResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: [] patch: tags: - Custom Forms summary: Patch a form instance. description: Parameter `{formInstanceID}` should match a form instance ID. operationId: patchFormInstance parameters: - name: formInstanceID in: path description: Form instance ID required: true x-sailpoint-resource-operation-id: searchFormInstancesByTenant schema: type: string x-go-name: FormInstanceID example: 00000000-0000-0000-0000-000000000000 x-go-name: FormInstanceID requestBody: description: 'Body is the request payload to patch a form instance, check: https://jsonpatch.com' content: application/json: schema: $ref: '#/components/schemas/Patch' example: - op: replace path: /state value: SUBMITTED - op: replace path: /formData value: a-key-1: a-value-1 a-key-2: true a-key-3: 1 required: false responses: '200': description: Returns the form instance updated content: application/json: schema: $ref: '#/components/schemas/FormInstanceResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '409': description: An error with the request property conflicts with stored content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: [] x-codegen-request-body-name: Body /form-instances/{formInstanceID}/data-source/{formElementID}: get: tags: - Custom Forms summary: Retrieves dynamic data by element. description: |- Parameter `{formInstanceID}` should match a form instance ID. Parameter `{formElementID}` should match a form element ID at the data source configuration. operationId: searchFormElementDataByElementID parameters: - name: formInstanceID in: path description: Form instance ID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant schema: type: string x-go-name: FormInstanceID example: 00000000-0000-0000-0000-000000000000 x-go-name: FormInstanceID - name: formElementID in: path description: Form element ID required: true x-sailpoint-resource-operation-id: getFormInstanceByKey schema: type: string x-go-name: FormElementID example: 1 x-go-name: FormElementID - name: limit in: query description: |- Limit Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). If it is not specified, a default limit is used. schema: type: integer format: int64 maxLength: 250 minLength: 0 default: 250 x-go-name: Limit example: 250 required: false x-go-name: Limit - name: filters in: query description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **value**: *eq, ne, in* Supported composite operators: *not* Only a single *not* may be used, and it can only be used with the `in` operator. The `not` composite operator must be used in front of the field. For example, the following is valid: `not value in ("ID01")` schema: type: string x-go-name: Filters example: value eq "ID01" required: false x-go-name: Filters - name: query in: query description: String that is passed to the underlying API to filter other (non-ID) fields. For example, for access profile data sources, this string will be passed to the access profile api and used with a "starts with" filter against several fields. schema: type: string x-go-name: Query example: support required: false x-go-name: Query responses: '200': description: Retrieves dynamic data to aid in correctly completing a valid form by form element ID from data source configuration content: application/json: schema: $ref: '#/components/schemas/ListFormElementDataByElementIDResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: [] /form-instances/{formInstanceID}/file/{fileID}: get: tags: - Custom Forms summary: Download instance file by fileid. operationId: getFormInstanceFile parameters: - name: formInstanceID in: path description: |- FormInstanceID Form instance ID required: true x-sailpoint-resource-operation-id: searchFormDefinitionsByTenant example: 00000000-0000-0000-0000-000000000000 schema: type: string x-go-name: FormInstanceID x-go-name: FormInstanceID - name: fileID in: path description: |- FileID String specifying the hashed name of the uploaded file we are retrieving. required: true x-sailpoint-resource-operation-id: createFormDefinitionFileRequest example: 00000031N0J7R2B57M8YG73J7M.png schema: type: string x-go-name: FileID x-go-name: FileID responses: '200': description: Returns a file that is referred to by fileID and associated with the formInstanceID content: application/json: schema: type: string format: binary image/jpeg: schema: type: string format: binary image/png: schema: type: string format: binary application/octet-stream: schema: type: string format: binary '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '404': description: An error with the item not found content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '503': description: An external service is not available content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/jpeg: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID image/png: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID application/octet-stream: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:manage x-codegen-request-body-name: Body /form-definitions/predefined-select-options: get: tags: - Custom Forms summary: List predefined select options. description: No parameters required. operationId: searchPreDefinedSelectOptions responses: '200': description: Returns a list of available predefined select options content: application/json: schema: $ref: '#/components/schemas/ListPredefinedSelectOptionsResponse' '400': description: An error with the request occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '401': description: An error with the authorization occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '403': description: An error with the user permissions occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID '429': description: Too many requests content: application/json: schema: $ref: '#/components/schemas/Error' '500': description: An internal server error occurred content: application/json: schema: type: object properties: detailCode: type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages statusCode: type: integer format: int64 x-go-name: StatusCode trackingId: type: string x-go-name: TrackingID security: - userAuth: - sp:forms:read - sp:forms:manage /access-request-identity-metrics/{identityId}/requested-objects/{requestedObjectId}/type/{type}: get: tags: - Access Request Identity Metrics summary: Return access request identity metrics description: Use this API to return information access metrics. operationId: getAccessRequestIdentityMetrics parameters: - name: identityId in: path description: Manager's identity ID. required: true x-sailpoint-resource-operation-id: listIdentities schema: type: string example: 7025c863-c270-4ba6-beea-edf3cb091573 - name: requestedObjectId in: path description: Requested access item's ID. required: true schema: type: string example: 2db501be-f0fb-4cc5-a695-334133c52891 x-sailpoint-resource-operation-id: - listEntitlements - listRoles - listAccessProfiles - name: type in: path description: Requested access item's type. required: true schema: type: string enum: - ENTITLEMENT - ROLE - ACCESS_PROFILE example: ENTITLEMENT security: - userAuth: - idn:access-request-approvals:read - idn:access-request-approvals:manage x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN responses: '200': description: Summary of the resource access and source activity for the direct reports of the provided manager. content: application/json: schema: type: object items: $ref: '#/components/schemas/AccessRequestIdentityMetrics' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /icons/{objectType}/{objectId}: put: operationId: setIcon tags: - Icons summary: Update an icon description: This API endpoint updates an icon by object type and object id. A token with ORG_ADMIN authority is required to call this API. parameters: - in: path name: objectType schema: type: string enum: - application required: true description: Object type. Available options ['application'] example: application - in: path name: objectId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Object id. example: a291e870-48c3-4953-b656-fb5ce2a93169 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: multipart/form-data: schema: type: object required: - image properties: image: type: string format: binary description: file with icon. Allowed mime-types ['image/png', 'image/jpeg'] example: \x00\x00\x00\x02 security: - userAuth: - idn:icons:manage - applicationAuth: - idn:icons:manage responses: '200': description: Icon updated content: application/json: schema: type: object properties: icon: type: string description: url to file with icon example: '' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteIcon tags: - Icons summary: Delete an icon description: This API endpoint delete an icon by object type and object id. A token with ORG_ADMIN authority is required to call this API. parameters: - in: path name: objectType schema: type: string enum: - application required: true description: Object type. Available options ['application'] example: application - in: path name: objectId schema: type: string required: true x-sailpoint-resource-operation-id: listSources description: Object id. example: a291e870-48c3-4953-b656-fb5ce2a93169 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true security: - userAuth: - idn:icons:manage - applicationAuth: - idn:icons:manage responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /suggested-entitlement-description-batches/{batchId}/stats: get: tags: - Suggested Entitlement Description operationId: getSedBatchStats summary: Submit sed batch stats request description: | 'Submit Sed Batch Stats Request. Submits batchId in the path param `(e.g. {batchId}/stats)`. API responses with stats of the batchId.' parameters: - name: batchId in: path description: Batch Id schema: type: string format: uuid example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb required: true x-sailpoint-resource-operation-id: getSedBatches responses: '200': description: Stats of Sed batch. content: application/json: schema: $ref: '#/components/schemas/SedBatchStats' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sed:read - applicationAuth: - idn:sed:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN /suggested-entitlement-description-batches: get: tags: - Suggested Entitlement Description operationId: getSedBatches summary: List Sed Batch Record description: |- List Sed Batches. API responses with Sed Batch Records parameters: - name: offset in: query description: |- Offset Integer specifying the offset of the first result from the beginning of the collection. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). The offset value is record-based, not page-based, and the index starts at 0. schema: type: integer format: int64 default: 0 x-go-name: Offset example: 0 required: false x-go-name: Offset - name: limit in: query description: |- Limit Integer specifying the maximum number of records to return in a single API call. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). If it is not specified, a default limit is used. schema: type: integer format: int64 maxLength: 250 minLength: 0 default: 250 x-go-name: Limit example: 250 required: false x-go-name: Limit - name: count in: query description: |- If `true` it will populate the `X-Total-Count` response header with the number of results that would be returned if `limit` and `offset` were ignored. The standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-results). Since requesting a total count can have a performance impact, it is recommended not to send `count=true` if that value will not be used. schema: type: boolean default: false example: true required: false - name: count-only in: query description: |- If `true` it will populate the `X-Total-Count` response header with the number of results that would be returned if `limit` and `offset` were ignored. This parameter differs from the `count` parameter in that this one skips executing the actual query and always return an empty array. schema: type: boolean default: false example: true required: false - name: status in: query description: Batch Status schema: type: string example: completed, failed, submitted, materialized, failed required: false responses: '200': description: List of Sed Batch Records content: application/json: schema: items: $ref: '#/components/schemas/SedBatchRecord' type: array '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sed:read - applicationAuth: - idn:sed:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN post: tags: - Suggested Entitlement Description operationId: submitSedBatchRequest summary: Submit sed batch request description: |- Submit Sed Batch Request. Request body has one of the following: - a list of entitlement Ids - a list of SED Ids that user wants to have description generated by LLM. API responses with batchId that groups Ids together requestBody: description: Sed Batch Request content: application/json-patch+json: schema: $ref: '#/components/schemas/SedBatchRequest' responses: '200': description: Sed Batch Response content: application/json: schema: $ref: '#/components/schemas/SedBatchResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sed:write - applicationAuth: - idn:sed:write x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN /suggested-entitlement-description-approvals: post: tags: - Suggested Entitlement Description summary: Submit bulk approval request description: |- Submit Bulk Approval Request for SED. Request body takes list of SED Ids. API responses with list of SED Approval Status operationId: submitSedApproval requestBody: description: Sed Approval content: application/json-patch+json: schema: items: $ref: '#/components/schemas/SedApproval' type: array required: true responses: '200': description: List of SED Approval Status content: application/json: schema: items: $ref: '#/components/schemas/SedApprovalStatus' type: array '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sed:write - applicationAuth: - idn:sed:write x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN /suggested-entitlement-description-assignments: post: tags: - Suggested Entitlement Description operationId: submitSedAssignment summary: Submit sed assignment request description: |- Submit Assignment Request. Request body has an assignee, and list of SED Ids that are assigned to that assignee API responses with batchId that groups all approval requests together requestBody: description: Sed Assignment Request content: application/json-patch+json: schema: $ref: '#/components/schemas/SedAssignment' required: true responses: '202': description: Sed Assignment Response content: application/json: schema: $ref: '#/components/schemas/SedAssignmentResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sed:write - applicationAuth: - idn:sed:write x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN /suggested-entitlement-descriptions: get: tags: - Suggested Entitlement Description operationId: listSeds summary: List suggested entitlement descriptions description: |- List of Suggested Entitlement Descriptions (SED) SED field descriptions: **batchId**: the ID of the batch of entitlements that are submitted for description generation **displayName**: the display name of the entitlement that we are generating a description for **sourceName**: the name of the source associated with the entitlement that we are generating the description for **sourceId**: the ID of the source associated with the entitlement that we are generating the description for **status**: the status of the suggested entitlement description, valid status options: "requested", "suggested", "not_suggested", "failed", "assigned", "approved", "denied" **fullText**: will filter suggested entitlement description records by text found in any of the following fields: entitlement name, entitlement display name, suggested description, source name parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - $ref: '#/components/parameters/count' - description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **batchId**: *eq, ne* **displayName**: *eq, ne, co* **sourceName**: *eq, ne, co* **sourceId**: *eq, ne* **status**: *eq, ne* **fullText**: *co* in: query name: filters example: displayName co "Read and Write" required: false schema: type: string - description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **displayName, sourceName, status** in: query name: sorters required: false example: sorters=displayName schema: type: string - description: |- If `true` it will populate the `X-Total-Count` response header with the number of results that would be returned if `limit` and `offset` were ignored. This parameter differs from the count parameter in that this one skips executing the actual query and always return an empty array. in: query name: count-only required: false example: count-only=true schema: type: boolean default: false - description: |- By default, the ListSeds API will only return items that you have requested to be generated. This option will allow you to see all items that have been requested in: query name: requested-by-anyone example: requested-by-anyone=true required: false schema: type: boolean default: false - description: Will limit records to items that are in "suggested" or "approved" status in: query name: show-pending-status-only example: show-pending-status-only=true required: false schema: type: boolean default: false responses: '200': description: List of Suggested Entitlement Details content: application/json: schema: items: $ref: '#/components/schemas/Sed' type: array '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sed:read - applicationAuth: - idn:sed:read x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN patch: tags: - Suggested Entitlement Description operationId: patchSed summary: Patch suggested entitlement description description: Patch Suggested Entitlement Description parameters: - description: id is sed id in: path name: id example: ebab396f-0af1-4050-89b7-dafc63ec70e7 required: true x-sailpoint-resource-operation-id: listSeds schema: type: string format: uuid requestBody: description: Sed Patch Request content: application/json-patch+json: schema: items: $ref: '#/components/schemas/SedPatch' type: array required: true responses: '200': description: detail of patched sed content: application/json: schema: $ref: '#/components/schemas/Sed' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' security: - userAuth: - idn:sed:write - applicationAuth: - idn:sed:write x-sailpoint-userLevels: - ORG_ADMIN - SOURCE_ADMIN - SOURCE_SUBADMIN /discovered-applications: get: operationId: getDiscoveredApplications tags: - Application Discovery summary: Get discovered applications for tenant description: | Get a list of applications that have been identified within the environment. This includes details such as application names, discovery dates, potential correlated saas_vendors and related suggested connectors. security: - userAuth: - idn:application-discovery:read parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: detail schema: type: string enum: - SLIM - FULL description: Determines whether slim, or increased level of detail is provided for each discovered application in the returned list. SLIM is the default behavior. example: FULL - in: query name: filter schema: type: string description: | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **name**: *eq, sw, co* **description**: *eq, sw, co* **createdAtStart**: *eq, le, ge* **createdAtEnd**: *eq, le, ge* **discoveredAtStart**: *eq, le, ge* **discoveredAtEnd**: *eq, le, ge* **discoverySource**: *eq, in* example: name eq "Okta" and description co "Okta" and discoverySource in ("csv", "Okta Saas") required: false style: form - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, description, discoveredAt, discoverySource** example: name responses: '200': description: List of discovered applications. By default, the API returns a list of SLIM discovered applications. content: application/json: schema: type: array items: oneOf: - $ref: '#/components/schemas/SlimDiscoveredApplications' - $ref: '#/components/schemas/FullDiscoveredApplications' examples: Slim Discovered Application: $ref: '#/components/examples/SlimDiscoveredApplications' Discovered Application: $ref: '#/components/examples/FullDiscoveredApplications' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /manual-discover-applications-template: get: summary: Download csv template for discovery tags: - Application Discovery description: | Download an example CSV file with two columns `application_name` and `description`. The CSV file contains a single row with the values 'Example Application' and 'Example Description'. The downloaded template is specifically designed for use with the `/manual-discover-applications` endpoint. security: - userAuth: - idn:application-discovery:read operationId: getManualDiscoverApplicationsCsvTemplate responses: '200': description: A CSV file download was successful. content: text/csv: schema: $ref: '#/components/schemas/ManualDiscoverApplicationsTemplate' example: | application_name,description Example Application,Example Description '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /manual-discover-applications: post: summary: Upload csv to discover applications tags: - Application Discovery description: |- Uploading a CSV file with application data for manual correlation to specific ISC connectors. If a suitable ISC connector is unavailable, the system will recommend generic connectors instead. security: - userAuth: - idn:application-discovery:write - applicationAuth: - idn:application-discovery:write operationId: sendManualDiscoverApplicationsCsvTemplate requestBody: content: multipart/form-data: schema: $ref: '#/components/schemas/ManualDiscoverApplications' responses: '200': description: The CSV has been successfully processed. '400': $ref: '#/components/responses/400' description: | Bad request - There was an error with the CSV format or validation failed (e.g., `application_name` missing). Error message should be provided in response. '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-apps/{id}: get: operationId: getSourceApp tags: - Apps summary: Get source app by id description: This API returns a source app by its ID. security: - userAuth: - idn:app-roles:read - idn:app-roles:manage - applicationAuth: - idn:app-roles:read - idn:app-roles:manage parameters: - name: id in: path description: ID of the source app required: true x-sailpoint-resource-operation-id: listAllSourceApp schema: type: string example: 2c91808a7813090a017814121e121518 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Responds with the source app. content: application/json: schema: $ref: '#/components/schemas/SourceApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' patch: operationId: patchSourceApp tags: - Apps summary: Patch source app by id description: |- This API updates an existing source app using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: **name**, **description**, **enabled**, **owner**, **provisionRequestEnabled**, **appCenterEnabled**, **accountSource**, **matchAllAccounts** and **accessProfiles**. Name, description and owner can't be empty or null. security: - userAuth: - idn:app-roles:manage - applicationAuth: - idn:app-roles:manage parameters: - name: id in: path description: ID of the source app to patch required: true x-sailpoint-resource-operation-id: listAllSourceApp schema: type: string example: 2c91808a7813090a017814121e121518 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /enabled value: true examples: Make an app enabled and matchAllAccounts in one call: description: This example shows how multiple fields may be updated with a single patch call. value: - op: replace path: /enabled value: true - op: replace path: /matchAllAccounts value: true Replace an owner for an source app: description: This example shows how to use patch to replace the source app's owner by replacing the owner's info. value: - op: replace path: /owner value: id: 2c9180858315595501831958427e5424 Update the description for the source app: description: This example shows how to use patch to update a description for the source app. value: - op: replace path: /description value: new description for the source app Update the name for the source app: description: This example shows how to use patch to update the source app's name. value: - op: replace path: /name value: source app new name Add access profile: description: Add one access profile to the existing list value: - op: add path: /accessProfiles/- value: 2c9180857725c14301772a93bb77242d Replace access profiles: description: Replace all access profiles with a new list of access profiles value: - op: replace path: /accessProfiles value: - 2c9180857725c14301772a93bb77242d - c9575abb5e3a4e3db82b2f989a738aa2 Remove access profile: description: Remove the first access profile in the list value: - op: remove path: /accessProfiles/0 responses: '200': description: Responds with the source app as updated. content: application/json: schema: $ref: '#/components/schemas/SourceAppPatchDto' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteSourceApp security: - userAuth: - idn:app-roles:manage - applicationAuth: - idn:app-roles:manage tags: - Apps summary: Delete source app by id description: Use this API to delete a specific source app parameters: - in: path name: id schema: type: string required: true x-sailpoint-resource-operation-id: listAllSourceApp description: source app ID. example: 2c9180835d191a86015d28455b4a2329 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: Responds with the source app as deleted. content: application/json: schema: $ref: '#/components/schemas/SourceApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-apps/bulk-update: post: operationId: updateSourceAppsInBulk tags: - Apps summary: Bulk update source apps description: |- This API updates source apps using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. It can update up to 50 source apps in a batch. The following fields can be updated: **name**, **description**, **enabled**, **owner**, **provisionRequestEnabled**, **appCenterEnabled**, **accountSource**, **matchAllAccounts**, and **accessProfiles**. Name, description and owner can't be empty or null. security: - userAuth: - idn:app-roles:manage - applicationAuth: - idn:app-roles:manage parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: content: application/json: schema: $ref: '#/components/schemas/SourceAppBulkUpdateRequest' responses: '204': $ref: '#/components/responses/204' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-apps/assigned: get: operationId: listAssignedSourceApp tags: - Apps summary: List assigned source apps security: - userAuth: - idn:app-roles:read - idn:app-roles:manage - applicationAuth: - idn:app-roles:read - idn:app-roles:manage description: This API returns the list of source apps assigned for logged in user. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/offset' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, accountSource.id** example: name,-modified required: false style: form explode: true - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, co, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **accountSource.id**: *eq, in* example: name eq "source app name" required: false style: form explode: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of source apps content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-apps: get: operationId: listAvailableSourceApps tags: - Apps summary: List available source apps security: - userAuth: - idn:app-roles:read - idn:app-roles:manage - applicationAuth: - idn:app-roles:read - idn:app-roles:manage description: This API returns the list of source apps available for access request. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/offset' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, owner.id, accountSource.id** example: name,-modified required: false style: form explode: true - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, co, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **accountSource.id**: *eq, in* example: name eq "source app name" required: false style: form explode: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of source apps content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' post: operationId: createSourceApp tags: - Apps summary: Create source app description: This endpoint creates a source app using the given source app payload security: - userAuth: - idn:app-roles:manage - applicationAuth: - idn:app-roles:manage parameters: - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceAppCreateDto' example: name: new app name description: app description matchAllAccounts: true accountSource: id: edcb0951812949d085b60cd8bf35bc78 responses: '200': description: Responds with the source app as created. content: application/json: schema: $ref: '#/components/schemas/SourceApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-apps/all: get: operationId: listAllSourceApp tags: - Apps summary: List all source apps security: - userAuth: - idn:app-roles:manage x-sailpoint-userLevels: - ORG_ADMIN description: 'This API returns the list of all source apps for the org. ' parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/offset' - in: query name: sorters schema: type: string format: comma-separated description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, owner.id, accountSource.id** example: name,-modified required: false style: form explode: true - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in, co, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **accountSource.id**: *eq, in* **enabled**: *eq* example: enabled eq true required: false style: form explode: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of source apps content: application/json: schema: type: array items: $ref: '#/components/schemas/SourceApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-apps/{id}/access-profiles: get: operationId: listAccessProfilesForSourceApp tags: - Apps summary: List access profiles for the specified source app security: - userAuth: - idn:app-roles:manage - applicationAuth: - idn:app-roles:manage description: This API returns the list of access profiles for the specified source app parameters: - name: id in: path description: ID of the source app required: true x-sailpoint-resource-operation-id: listAllSourceApp schema: type: string example: 2c91808a7813090a017814121e121518 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/offset' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, in* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* example: name eq "developer access profile" required: false style: form explode: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of access profiles for the specified source app content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessProfileDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /source-apps/{id}/access-profiles/bulk-remove: post: operationId: deleteAccessProfilesFromSourceAppByBulk tags: - Apps summary: Bulk remove access profiles from the specified source app security: - userAuth: - idn:app-roles:manage - applicationAuth: - idn:app-roles:manage description: This API returns the final list of access profiles for the specified source app after removing parameters: - name: id in: path description: ID of the source app required: true x-sailpoint-resource-operation-id: listAllSourceApp schema: type: string example: 2c91808a7813090a017814121e121518 - $ref: '#/components/parameters/limit' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: required: true content: application/json: schema: type: array items: type: string description: List of access profile IDs for removal example: - c9575abb5e3a4e3db82b2f989a738aa2 - c9dc28e148a24d65b3ccb5fb8ca5ddd9 responses: '200': description: The final list of access profiles for the specified source app content: application/json: schema: type: array items: $ref: '#/components/schemas/AccessProfileDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /user-apps/{id}: patch: operationId: patchUserApp tags: - Apps summary: Patch user app by id description: |- This API updates an existing user app using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. The following fields are patchable: **account** security: - userAuth: - idn:app-roles:manage parameters: - name: id in: path description: ID of the user app to patch required: true x-sailpoint-resource-operation-id: listAllUserApps schema: type: string example: 2c91808a7813090a017814121e121518 - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true requestBody: content: application/json-patch+json: schema: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /account value: id: 0891808a7813090a017814121e121518 type: ACCOUNT responses: '200': description: Responds with the user app as updated. content: application/json: schema: $ref: '#/components/schemas/UserApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '404': $ref: '#/components/responses/404' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /user-apps/{id}/available-accounts: get: operationId: listAvailableAccountsForUserApp tags: - Apps summary: List available accounts for user app security: - userAuth: - idn:app-roles:read - idn:app-roles:manage - applicationAuth: - idn:app-roles:read - idn:app-roles:manage description: This API returns the list of available accounts for the specified user app. The user app needs to belong lo logged in user. parameters: - name: id in: path description: ID of the user app required: true x-sailpoint-resource-operation-id: listAllUserApps schema: type: string example: 2c91808a7813090a017814121e121518 - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of available accounts for the specified user app content: application/json: schema: type: array items: $ref: '#/components/schemas/AppAccountDetails' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /user-apps: get: operationId: listOwnedUserApps tags: - Apps summary: List owned user apps security: - userAuth: - idn:app-roles:read - idn:app-roles:manage - applicationAuth: - idn:app-roles:read - idn:app-roles:manage description: This API returns the list of user apps assigned to logged in user parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/offset' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* **ownerName**: *eq, sw* **ownerAlias**: *eq, sw* **accountId**: *eq* **sourceAppId**: *eq* example: name eq "user app name" required: false style: form explode: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of user apps content: application/json: schema: type: array items: $ref: '#/components/schemas/UserApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /user-apps/all: get: operationId: listAllUserApps tags: - Apps summary: List all user apps security: - userAuth: - idn:app-roles:manage - applicationAuth: - idn:app-roles:manage description: |- This API returns the list of all user apps with specified filters. This API must be used with **filters** query parameter. parameters: - $ref: '#/components/parameters/limit' - $ref: '#/components/parameters/count' - $ref: '#/components/parameters/offset' - in: query name: filters schema: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq* **ownerId**: *eq* **ownerName**: *eq, sw* **ownerAlias**: *eq, sw* **accountId**: *eq* **sourceAppId**: *eq* example: name eq "user app name" required: true style: form explode: true - name: X-SailPoint-Experimental in: header description: Use this header to enable this experimental API. example: true schema: type: string default: true required: true responses: '200': description: List of user apps content: application/json: schema: type: array items: $ref: '#/components/schemas/UserApp' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/{id}/access-model-metadata/{attributeKey}/values/{attributeValue}: post: operationId: updateAttributeKeyAndValueToRole summary: Add a metadata to role. description: This API initialize a request to add a single Access Model Metadata to a role by attribute key and attribute value. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. The maximum number of attributes in one role is 25. Custom metadata update, including ADD and REPLACE need suit licensed. tags: - Roles security: - userAuth: - idn:role:update - idn:role-checked:update x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN parameters: - name: id in: path required: true schema: type: string description: The Id of a role example: c24359c389374d0fb8585698a2189e3d - name: attributeKey in: path required: true schema: type: string description: Technical name of the Attribute. example: iscPrivacy - name: attributeValue in: path required: true schema: type: string description: Technical name of the Attribute Value. example: public responses: '200': description: Responds with the Role as updated. content: application/json: schema: $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' delete: operationId: deleteMetadataFromRoleByKeyAndValue summary: Remove a metadata from role. description: This API initialize a request to remove a single Access Model Metadata from a role by attribute key and value. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. tags: - Roles security: - userAuth: - idn:role:delete - idn:role-checked:delete - idn:role:update - idn:role-checked:update x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN parameters: - name: id in: path required: true schema: type: string description: The role's id. example: 2c91808c74ff913f0175097daa9d59cd - name: attributeKey in: path required: true schema: type: string description: Technical name of the Attribute. example: iscPrivacy - name: attributeValue in: path required: true schema: type: string description: Technical name of the Attribute Value. example: public responses: '202': description: Request accepted '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/access-model-metadata/bulk-update/ids: post: operationId: updateRolesMetadataByIds summary: Bulk-update roles' metadata by id description: |- This API initiates a bulk update of metadata for one or more Roles by a list of Role Ids. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. The maximum role count in a single update request is 3000. The maximum metadata value count for a single role is 25. Custom metadata update, including add, replace need suit licensed. tags: - Roles security: - UserContextAuth: - idn:role:update - idn:role-checked:update requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RoleMetadataBulkUpdateByIdRequest' responses: '202': description: Returned if bulk update request created content: application/json: schema: $ref: '#/components/schemas/RoleBulkUpdateResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/access-model-metadata/bulk-update/filter: post: operationId: updateRolesMetadataByFilter summary: Bulk-update roles' metadata by filters description: |- This API initiates a bulk update of metadata for one or more Roles by filter. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. The maximum metadata value count for a single role is 25. Custom metadata update, including add, replace need suit licensed. tags: - Roles security: - UserContextAuth: - idn:role:update - idn:role-checked:update requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RoleMetadataBulkUpdateByFilterRequest' example: operation: ADD replaceScope: ALL filters: requestable eq false values: - attribute: iscFederalClassifications values: - topSecret responses: '202': description: Returned if bulk update request created content: application/json: schema: $ref: '#/components/schemas/RoleBulkUpdateResponse' examples: Update request created successfully: value: id: 2d82ac17-eb0d-4ba6-9918-dcad6ee0294d type: ROLE status: CREATED created: '2024-09-16T18:59:06.871594Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/access-model-metadata/bulk-update/query: post: operationId: updateRolesMetadataByQuery summary: Bulk-update roles' metadata by query description: |- This API initiates a bulk update of metadata for one or more Roles by query. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. The maximum metadata value count for a single role is 25. Custom metadata update, including add, replace need suit licensed. tags: - Roles security: - UserContextAuth: - idn:role:update - idn:role-checked:update requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/RoleMetadataBulkUpdateByQueryRequest' example: example of a success update: query: indices: - roles queryType: TEXT textQuery: terms: - test123 fields: - id matchAny: false contains: true includeNested: false operation: REPLACE replaceScope: ALL values: - attribute: iscFederalClassifications values: - secret responses: '202': description: Returned if bulk update request created content: application/json: schema: $ref: '#/components/schemas/RoleBulkUpdateResponse' examples: Update request created successfully: value: id: 2d82ac17-eb0d-4ba6-9918-dcad6ee0294d type: ROLE status: CREATED created: '2024-09-16T18:59:06.871594Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/access-model-metadata/bulk-update/id: get: operationId: getBulkUpdateStatusById summary: Get bulk-update status by id description: |- This API initial a request for one bulk update's status by bulk update Id returns the status of the bulk update process. A token with ORG_ADMIN, ROLE_ADMIN ROLE_SUBADMIN authority is required to call this API. security: - UserContextAuth: - idn:role:update - idn:role-checked:update tags: - Roles parameters: - name: id in: path required: true schema: type: string description: The Id of the bulk update task. example: c24359c389374d0fb8585698a2189e3d responses: '202': description: return if bulk update status could be found. content: application/json: schema: $ref: '#/components/schemas/RoleBulkUpdateResponse' examples: Update request created successfully: value: id: 2d82ac17-eb0d-4ba6-9918-dcad6ee0294d type: ROLE status: CREATED created: '2024-09-16T18:59:06.871594Z' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/access-model-metadata/bulk-update: get: operationId: getBulkUpdateStatus summary: Get bulk-update statuses description: This API returns a list of all unfinished bulk update process status of the tenant. x-sailpoint-userLevels: - ORG_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN security: - userAuth: - idn:role:update - idn:role-checked:update tags: - Roles responses: '200': description: successfully get the status of all unfinished bulk updates request. content: application/json: schema: type: array items: $ref: '#/components/schemas/RoleGetAllBulkUpdateResponse' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' /roles/filter: post: operationId: searchRolesByFilter summary: Filter roles by metadata description: |- This API returns a list of Role that filter by metadata and filter, it support filter by both path parameter and attribute key and values. A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, HELPDESK, CERT_ADMIN, REPORT_ADMIN or SOURCE_ADMIN authority is required to call this API. security: - userAuth: - idn:role-unchecked:read - idn:role-unchecked:manage tags: - Roles parameters: - name: for-subadmin in: query schema: type: string description: If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. example: 5168015d32f890ca15812c9180835d2e required: false - name: limit in: query schema: type: integer format: int32 minimum: 0 maximum: 250 default: 50 description: Max number of results to return See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. example: 50 required: false - name: offset in: query description: |- Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. schema: type: integer format: int32 minimum: 0 default: 0 required: false example: 0 - name: count in: query description: |- Boolean indicating whether a total count is returned, factoring in any filter parameters, in the X-Total-Count response header. The value is the total size of the collection that would be returned if limit and offset were ignored. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. schema: type: boolean default: false required: false example: true - name: sorters in: query schema: type: string description: |- Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified** example: name,-modified required: false - name: for-segment-ids in: query schema: type: string description: |- If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. If segmentation is currently unavailable, specifying this parameter results in an error. example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d required: false - name: include-unsegmented in: query description: Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error. schema: type: boolean default: true required: false example: false - $ref: '#/components/parameters/count' requestBody: content: application/json: schema: $ref: '#/components/schemas/RoleListFilterDTO' example: filters: dimensional eq false ammKeyValues: - attribute: iscFederalClassifications values: - secret responses: '200': description: Responds with A list of Roles content: application/json: schema: type: array allOf: - $ref: '#/components/schemas/Role' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '429': $ref: '#/components/responses/429' '500': $ref: '#/components/responses/500' x-webhooks: AccessRequestDecision: post: summary: Access request decision operationId: accessRequestDecisionEvent description: |- This event trigger fires after an access request is approved or denied. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Access Request Decision](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-decision). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestPostApproval' AccessRequestDynamicApproval: post: summary: Access request dynamic approval operationId: accessRequestDynamicApprovalEvent description: |- This event trigger fires after an access request is submitted but before the request is approved or denied. You can use this trigger as a way to route the access request to an additional approval step by an identity or governance group. This is a `REQUEST_RESPONSE` event trigger. This trigger type expects a response from the subscribers with directions about how to proceed with the event. You can only have one subscriber per event. For more information about this event trigger, refer to [Access Request Dynamic Approval](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-dynamic-approval). >**Note: If there is an active subscription to the [Access Request Submitted trigger](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-submitted), this trigger is invoked after the Access Request Submitted trigger, only if the response to that trigger was to approve the request.** tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestDynamicApprover' responses: required: true content: application/json: schema: $ref: ../schemas/trigger/example-input/AccessRequestDynamicApprovalResponse.yaml AccessRequestSubmitted: post: summary: Access request submitted operationId: accessRequestSubmittedEvent description: |- This event trigger fires after an access request is submitted but before the request is approved or denied. A service subscribing to the trigger can respond in real-time to approve or deny the request. This is a `REQUEST_RESPONSE` event trigger. This trigger type expects a response from the subscribers with directions about how to proceed with the event. You can only have one subscriber per event. For more information about this event trigger, refer to [Access Request Submitted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/access-request-submitted). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccessRequestPreApproval' responses: required: true content: application/json: schema: $ref: ../schemas/trigger/example-input/AccessRequestSubmittedResponse.yaml AccountAggregationCompleted: post: summary: Account aggregation completed operationId: accountAggregationCompletedEvent description: |- This event trigger fires after a source aggregation has either succeeded or failed in collecting source accounts but before Identity Security Cloud (ISC) processes the aggregation. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Account Aggregation Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/account-aggregation-completed). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/AccountAggregationCompleted' CampaignActivated: post: summary: Campaign activated operationId: campaignActivatedEvent description: |- This event trigger fires after a certification campaign is activated. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Campaign Activated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/campaign-activated). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CampaignActivated' CampaignEnded: post: summary: Campaign ended operationId: campaignEndedEvent description: |- This event trigger fires after a certification campaign ends. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Campaign Ended](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/campaign-ended). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CampaignEnded' CampaignGenerated: post: summary: Campaign generated operationId: campaignGeneratedEvent description: |- This event trigger fires after a certification campaign has generated and moved into the 'Preview Ready' state but hasn't been activated yet. A typical use case for this event trigger is to use it to immediately activate a campaign once it is generated. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Campaign Generated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/campaign-generated). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CampaignGenerated' CertificationSignedOff: post: summary: Certification signed off operationId: certificationSignedOffEvent description: |- This event trigger fires after a certification is signed off on and moves to the 'End' status. Do not confuse this event trigger with the Campaign End trigger. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Certification Sign Off](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/certification-signed-off). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/CertificationSignedOff' FormSubmitted: post: summary: Form submitted operationId: formSubmittedEvent description: |- This event trigger fires after a user has submitted a [custom form](https://documentation.sailpoint.com/saas/help/forms/index.html) in Identity Security Cloud (ISC). A typical use case for this trigger is to immediately take actions based on the data in the submitted form. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Form Submitted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/form-submitted). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/FormSubmitted' IdentityAttributesChanged: post: summary: Identity attributes changed operationId: identityAttributesChangedEvent description: |- This event trigger fires when Identity Security Cloud (ISC) detects an identity attribute change. ISC identity attribute changes occur when account attributes aggregated from an authoritative source differ from an identity's current attributes during an identity refresh. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Identity Attributes Changed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-attribute-changed). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityAttributesChanged' IdentityCreated: post: summary: Identity created operationId: identityCreatedEvent description: |- This event trigger fires when Identity Security Cloud (ISC) detects a new identity during an aggregation and refresh from an authoritative source. ISC detects a new identity when it finds an account from an authoritative source that isn't correlated to an existing identity. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Identity Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-created). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityCreated' NativeChangeAccountCreated: post: summary: Native change account created operationId: nativeChangeAccountCreatedEvent description: |- This event trigger fires when Identity Security Cloud (ISC) aggregates data from an external source and detects that a new account exists on the source. The external source must meet these criteria for you to receive this type of event: * Native Change Detection (NCD) is enabled. * Account Create operations are monitored. * At least one attribute selected for monitoring has changed. In addition to having NCD enabled, There are two ways to configure a source for NCD: * Invoke the 'Update Native Change Detection' configuration for each source you want to receive NCD events from. * Configure the NCD options on the source in the source configuration user interface (UI). This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Native Change Account Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/native-change-account-created). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceAccountCreated' NativeChangeAccountDeleted: post: summary: Native change account deleted operationId: nativeChangeAccountDeletedEvent description: |- This event trigger fires when Identity Security Cloud (ISC) aggregates data from an external source and detects that an account has been deleted from the source. The external source must meet these criteria for you to receive this type of event: * Native Change Detection (NCD) is enabled. * Account Delete operations are monitored. * At least one attribute selected for monitoring has changed. In addition to having NCD enabled, There are two ways to configure a source for NCD: * Invoke the 'Update Native Change Detection' configuration for each source you want to receive NCD events from. * Configure the NCD options on the source in the source configuration user interface (UI). A typical use for this event trigger would be to notify the correlated identity's manager and the source owner when the account is deleted. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Native Change Account Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/native-change-account-deleted). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceAccountDeleted' NativeChangeAccountUpdated: post: summary: Native change account updated operationId: nativeChangeAccountUpdatedEvent description: |- This event trigger fires when Identity Security Cloud (ISC) aggregates data from an external source and detects that an account has been updated on the source. The external source must meet these criteria for you to receive this type of event: * Native Change Detection (NCD) is enabled. * Account Update operations are monitored. * At least one attribute selected for monitoring has changed. In addition to having NCD enabled, There are two ways to configure a source for NCD: * Invoke the 'Update Native Change Detection' configuration for each source you want to receive NCD events from. * Configure the NCD options on the source in the source configuration user interface (UI). A typical use for this event trigger would be to notify the correlated identity's manager and the source owner when the account is deleted. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Native Change Account Updated](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/native-change-account-updated). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceAccountUpdated' OutlierDetected: post: summary: Outlier detected operationId: outlierDetectedEvent description: |- This event trigger fires when Identity Security Cloud (ISC) detects that identities have unusual access relative their peers. ISC calculates outliers daily, flags the outliers, and notifies the trigger's subscribers when it detects them. These are the requirements to use the trigger: * Your organization must have Access Insights, which it needs to access Identity Outliers. * Your organization must have at a configured source that it has loaded account data from. * Your organization's accound data must be onboarded into AI-Driven Identity Security. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Outlier Detected](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/outlier-detected). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/OutlierDetected' ProvisioningCompleted: post: summary: Provisioning completed operationId: provisioningCompletedEvent description: |- This event trigger fires after Identity Security Cloud (ISC) provisions access to an account. This trigger provides organizations with a flexible way to extend the provisioning workflow after an identity's access has changed within ISC. These are the requirements to use the trigger: * An oAuth client must be configured with the `ORG_ADMIN` authority. * The organization has enabled the `ARSENAL_ALLOW_POSTPROVISIONING_TRIGGERS` feature flag. * Connectors are configured for provisioning into the target applications. * The organization is configured for automated provisioning. Different event contexts require different setups. For more information about these setups, refer to [Provisioning Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed). To provision access to a target application, the source's connector must support these features: * `ENABLE`: The ability to enable or disable accounts. * `UNLOCK`: The ability to lock or unlock accounts. * `PROVISIONING`: The ability to write to accounts. * `PASSWORD`: The ability to update account passwords. For a list of supported connectors and features, refer to [Identity Security Cloud Connectors](https://documentation.sailpoint.com/connectors/isc/landingpages/help/landingpages/isc_landing.html). For more information about configuring sources for provisioning in ISC, refer to [Configuring Source Account Provisioning](https://documentation.sailpoint.com/saas/help/provisioning/create_profile.html). This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Provisioning Completed](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/provisioning-completed). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/ProvisioningCompleted' ScheduledSearch: post: summary: Scheduled search operationId: scheduledSearchEvent description: |- This event trigger fires after Identity Security Cloud (ISC) generates a report from a saved search. In ISC, users can subscribe to saved searches to receive an email report generated by the saved search. They can then set a schedule for when those saved searches generate reports, such as daily at 6:00 GMT. The trigger can notify an external HTTP application that ISC has generated a report from a saved search and the report is ready to be processed. These are some typical use cases for the trigger: * Perform continous checks for Separation of Duties (SOD) violations, for quality control. * Respond to upcoming Joiner-Mover-Leaver (JML) scenarios, such as deprovisioning access before an employee's separation date. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Scheduled Search](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/scheduled-search). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SavedSearchComplete' SourceCreated: post: summary: Source created operationId: sourceCreatedEvent description: |- This event trigger fires when a new source is created in Identity Security Cloud (ISC), by either the [API](https://developer.sailpoint.com/docs/api/v2024/create-source) or the [Admin UI](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source). These are some typical use cases for the trigger: * Provide evidence to auditors to show that connector logic and sources are maintained by proper change control processes and aren't vulnerable to outside manipulation. * Auto-configure new sources with proper owners, using external data sources. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-created). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceCreated' SourceDeleted: post: summary: Source deleted operationId: sourceDeletedEvent description: |- This event trigger fires when a new source is deleted from Identity Security Cloud (ISC), by either the [API](https://developer.sailpoint.com/docs/api/v2024/delete-source) or the [Admin UI](https://documentation.sailpoint.com/saas/help/sources/index.html#deleting-a-source). These are some typical use cases for the trigger: * Provide evidence to auditors to show that connector logic and sources are maintained by proper change control processes and aren't vulnerable to outside manipulation. * Alert admins when a source is incorrectly deleted. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-deleted). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceDeleted' SourceUpdated: post: summary: Source updated operationId: sourceUpdatedEvent description: |- This event trigger fires when a new source's configuration is changed in Identity Security Cloud (ISC). These are some typical use cases for the trigger: * Provide evidence to auditors to show that connector logic and sources are maintained by proper change control processes and aren't vulnerable to outside manipulation. * Trigger review for an updated source. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/source-updated). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/SourceUpdated' VaClusterStatusChange: post: summary: Va cluster status change operationId: vaClusterStatusChangeEvent description: |- This event trigger fires when Identity Security Cloud (ISC) runs a health check on a virtual appliance (VA) cluster, and the cluster's health status is different from the previous health check, such as a change from healthy to unhealthy or the opposite. VA cluster health checks run every 30 minutes. Users can use this trigger to monitor all their VA clusters' health status changes. These are some typical use cases for the trigger: * Create real-time health dashboards for VA clusters. * Notify an admin or system to take appropriate actions when a VA cluster's health status changes. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Source Created](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/va-cluster-status-change). tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/VAClusterStatusChangeEvent' IdentityDeleted: post: summary: Identity deleted operationId: identityDeletedEvent description: |- This event trigger fires after an identity has been completely deleted from Identity Security Cloud (ISC). ISC only deletes an identity when it meets all these requirements: * It has no correlated accounts. * It's not an owner of a role, access profile, application, source, or task result. * It's not an owner or requester of a work item. * It's not a protected account or manager. * It has no assigned capabilities, such as being an assigned certification reviewer. * It's not involved in any active certification as a target (its access is not being certified). These are some typical use cases for the trigger: * Notify an administrator or system to take the appropriate provisioning actions as part of the leaver workflow. * Notify a system to trigger another action, such as deactivating an employee's badge upon termination. This is a `FIRE_AND_FORGET` event trigger. You can have a maximum of 50 subscriptions for this trigger. For more information about this event trigger, refer to [Identity Deleted](https://developer.sailpoint.com/docs/extensibility/event-triggers/triggers/identity-deleted). >**Note: This is an early access event trigger. Contact support to enable it on your tenant.** tags: - Triggers security: - userAuth: - sp:trigger-service-subscriptions:manage requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/IdentityDeleted' components: securitySchemes: userAuth: type: oauth2 x-displayName: Personal Access Token description: | OAuth2 Bearer token (JWT) generated using either a [personal access token (PAT)](https://developer.sailpoint.com/docs/api/authentication/#generate-a-personal-access-token) or through the [authorization code flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-authorization-code-grant-flow). Personal access tokens are associated with a user in Identity Security Cloud and relies on the user's [user level](https://documentation.sailpoint.com/saas/help/common/users/index.html) (ex. Admin, Helpdesk, etc.) to determine a base level of access. See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information. flows: clientCredentials: tokenUrl: https://example-tenant.api.identitynow.com/oauth/token scopes: sp:scopes:default: default scope sp:scopes:all: access to all scopes authorizationCode: authorizationUrl: https://example-tenant.login.sailpoint.com/oauth/authorize tokenUrl: https://example-tenant.api.identitynow.com/oauth/token scopes: sp:scopes:default: default scope sp:scopes:all: access to all scopes applicationAuth: type: oauth2 x-displayName: Client Credentials description: | OAuth2 Bearer token (JWT) generated using [client credentials flow](https://developer.sailpoint.com/docs/api/authentication/#request-access-token-with-client-credentials-grant-flow). Client credentials refers to tokens that are not associated with a user in Identity Security Cloud. See [Identity Security Cloud REST API Authentication](https://developer.sailpoint.com/docs/api/authentication/) for more information. flows: clientCredentials: tokenUrl: https://example-tenant.api.identitynow.com/oauth/token scopes: sp:scopes:default: default scope sp:scopes:all: access to all scopes schemas: AccessRequest: type: object title: Access Request properties: requestedFor: description: A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID. type: array items: type: string example: 2c918084660f45d6016617daa9210584 requestType: $ref: '#/components/schemas/AccessRequestType' requestedItems: type: array items: $ref: '#/components/schemas/AccessRequestItem' minItems: 1 clientMetadata: type: object additionalProperties: type: string example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. requestedForWithRequestedItems: description: | Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity. * Can only be used when 'requestedFor' and 'requestedItems' are not separately provided * Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source * Allows the ability to request items with different remove dates * Also allows different combinations of request items and identities in the same request * Only for use in GRANT_ACCESS type requests type: array items: $ref: '#/components/schemas/RequestedForDtoRef' nullable: true required: - requestedFor - requestedItems AccessRequestItem: type: object title: Access Request Item properties: type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of the item being requested. example: ACCESS_PROFILE id: type: string description: ID of Role, Access Profile or Entitlement being requested. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: | Comment provided by requester. * Comment is required when the request is of type Revoke Access. example: Requesting access profile for John Doe clientMetadata: type: object additionalProperties: type: string example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. removeDate: type: string description: | The date and time the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date-time in the future. * The current SLA for the deprovisioning is 24 hours. * This date-time can be used to change the duration of an existing access item assignment for the specified identity. A GRANT_ACCESS request can extend duration or even remove an expiration date, and either a GRANT_ACCESS or REVOKE_ACCESS request can reduce duration or add an expiration date where one has not previously been present. You can change the expiration date in requests for yourself or others you are authorized to request for. format: date-time example: '2020-07-11T21:23:15.000Z' assignmentId: type: string nullable: true description: | The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source. example: ee48a191c00d49bf9264eb0a4fc3a9fc nativeIdentity: type: string nullable: true description: | The unique identifier for an account on the identity, designated as the account ID attribute in the source's account schema. This is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source. example: CN=User db3377de14bf,OU=YOURCONTAINER, DC=YOURDOMAIN required: - id - type AccessProfileDocument: description: 'More complete representation of an access profile. ' allOf: - $ref: '#/components/schemas/BaseAccess' - type: object required: - id - name properties: id: type: string description: Access profile's ID. example: 2c9180825a6c1adc015a71c9023f0818 name: type: string description: Access profile's name. example: Cloud Eng source: type: object description: Access profile's source. properties: id: type: string description: Source's ID. example: ff8081815757d4fb0157588f3d9d008f name: type: string description: Source's name. example: Employees entitlements: type: array description: Entitlements the access profile has access to. items: $ref: '#/components/schemas/BaseEntitlement' entitlementCount: type: integer description: Number of entitlements. example: 5 segments: type: array description: Segments with the access profile. items: $ref: '#/components/schemas/BaseSegment' segmentCount: type: integer description: Number of segments with the access profile. format: int32 example: 1 tags: $ref: '#/components/schemas/Tags' apps: type: array description: Applications with the access profile items: $ref: '#/components/schemas/AccessApps' AccessProfileSummary: description: This is a summary representation of an access profile. allOf: - $ref: '#/components/schemas/Access' - type: object properties: type: type: string description: Type of the access item. example: ACCESS_PROFILE source: $ref: '#/components/schemas/Reference' owner: $ref: '#/components/schemas/DisplayReference' revocable: type: boolean example: true AccessReviewReassignment: $ref: '#/components/schemas/ReviewReassign' Account: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object required: - sourceId - sourceName - attributes - authoritative - disabled - locked - nativeIdentity - systemAccount - uncorrelated - manuallyCorrelated - hasEntitlements properties: sourceId: type: string example: 2c9180835d2e5168015d32f890ca1581 description: The unique ID of the source this account belongs to sourceName: type: string nullable: true example: Employees description: The display name of the source this account belongs to identityId: type: string example: 2c9180835d2e5168015d32f890ca1581 description: The unique ID of the identity this account is correlated to cloudLifecycleState: type: string nullable: true example: active description: The lifecycle state of the identity this account is correlated to identityState: type: string nullable: true example: ACTIVE description: The identity state of the identity this account is correlated to connectionType: type: string nullable: true example: direct description: The connection type of the source this account is from isMachine: type: boolean default: false description: Indicates if the account is of machine type example: true recommendation: allOf: - $ref: '#/components/schemas/Recommendation' - nullable: true description: Indicates that the account is currently classified to be one type but is recommended to be a different one example: type: MACHINE method: DISCOVERY attributes: type: object nullable: true additionalProperties: true description: The account attributes that are aggregated example: firstName: SailPoint lastName: Support displayName: SailPoint Support authoritative: type: boolean description: Indicates if this account is from an authoritative source example: false description: type: string description: A description of the account nullable: true example: null disabled: type: boolean description: Indicates if the account is currently disabled example: false locked: type: boolean description: Indicates if the account is currently locked example: false nativeIdentity: type: string description: The unique ID of the account generated by the source system example: '552775' systemAccount: type: boolean example: false description: If true, this is a user account within IdentityNow. If false, this is an account from a source system. uncorrelated: type: boolean description: Indicates if this account is not correlated to an identity example: false uuid: type: string description: The unique ID of the account as determined by the account schema example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}' nullable: true manuallyCorrelated: type: boolean description: Indicates if the account has been manually correlated to an identity example: false hasEntitlements: type: boolean description: Indicates if the account has entitlements example: true identity: description: The identity this account is correlated to type: object properties: id: type: string description: The ID of the identity example: 2c918084660f45d6016617daa9210584 type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY name: type: string description: display name of identity example: John Doe sourceOwner: type: object nullable: true description: The owner of the source this account belongs to. properties: id: type: string description: The ID of the identity example: 2c918084660f45d6016617daa9210584 type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY name: type: string description: display name of identity example: Adam Kennedy features: type: string description: A string list containing the owning source's features example: ENABLE nullable: true origin: type: string nullable: true enum: - AGGREGATED - PROVISIONED - null description: The origin of the account either aggregated or provisioned example: AGGREGATED ownerIdentity: allOf: - $ref: '#/components/schemas/BaseReferenceDto' - description: The identity who owns this account, used only for machine accounts nullable: true example: id: 2c918084660f45d6016617daa9210584 type: IDENTITY name: Adam Kennedy AccountActivity: type: object title: Account Activity properties: id: type: string description: Id of the account activity example: 2c9180835d2e5168015d32f890ca1581 name: type: string description: The name of the activity example: 2c9180835d2e5168015d32f890ca1581 created: description: When the activity was first created type: string format: date-time example: '2017-07-11T18:45:37.098Z' modified: description: When the activity was last modified type: string format: date-time example: '2018-06-25T20:22:28.104Z' nullable: true completed: description: When the activity was completed type: string format: date-time nullable: true example: '2018-10-19T13:49:37.385Z' completionStatus: $ref: '#/components/schemas/CompletionStatus' type: nullable: true type: string example: appRequest description: | The type of action the activity performed. Please see the following list of types. This list may grow over time. - CloudAutomated - IdentityAttributeUpdate - appRequest - LifecycleStateChange - AccountStateUpdate - AccountAttributeUpdate - CloudPasswordRequest - Attribute Synchronization Refresh - Certification - Identity Refresh - Lifecycle Change Refresh [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). requesterIdentitySummary: $ref: '#/components/schemas/IdentitySummary' targetIdentitySummary: $ref: '#/components/schemas/IdentitySummary' errors: nullable: true description: A list of error messages, if any, that were encountered. type: array items: type: string example: - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' warnings: nullable: true description: A list of warning messages, if any, that were encountered. type: array items: type: string example: - Some warning, another warning items: nullable: true type: array description: Individual actions performed as part of this account activity items: $ref: '#/components/schemas/AccountActivityItem' executionStatus: $ref: '#/components/schemas/ExecutionStatus' clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request example: customKey1: custom value 1 customKey2: custom value 2 AccountActivitySearchedItem: $ref: '#/components/schemas/AccountActivityDocument' AccountAttributes: type: object title: Account Attributes required: - attributes properties: attributes: description: The schema attribute values for the account type: object additionalProperties: true example: city: Austin displayName: John Doe userName: jdoe sAMAccountName: jDoe mail: john.doe@sailpoint.com AccountsAsyncResult: description: Accounts async response containing details on started async process required: - id type: object title: Accounts Async Result properties: id: description: id of the task type: string example: 2c91808474683da6017468693c260195 AccountToggleRequest: description: Request used for account enable/disable type: object title: Account Toggle Request properties: externalVerificationId: description: If set, an external process validates that the user wants to proceed with this request. type: string example: 3f9180835d2e5168015d32f890ca1581 forceProvisioning: description: If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing 'true' for an unlocked account will add and process 'Unlock' operation by the workflow. type: boolean example: false AccountUnlockRequest: description: Request used for account unlock type: object title: Account Unlock Request properties: externalVerificationId: description: If set, an external process validates that the user wants to proceed with this request. type: string example: 3f9180835d2e5168015d32f890ca1581 unlockIDNAccount: description: If set, the IDN account is unlocked after the workflow completes. type: boolean example: false forceProvisioning: description: If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. type: boolean example: false ApprovalItems: $ref: '#/components/schemas/ApprovalItemDetails' Campaign: $ref: '#/components/schemas/CampaignReference' Certification: $ref: '#/components/schemas/IdentityCertificationDto' CertificationReference: type: object title: Certification Reference properties: id: type: string description: The id of the certification. example: ef38f94347e94562b5bb8424a56397d8 name: type: string description: The name of the certification. example: Certification Name type: type: string enum: - CERTIFICATION example: CERTIFICATION reviewer: $ref: '#/components/schemas/Reviewer' EntitlementDocument: description: Entitlement allOf: - $ref: '#/components/schemas/BaseDocument' - type: object properties: modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. displayName: type: string description: Entitlement's display name. example: Admin source: type: object description: Entitlement's source. properties: id: type: string description: ID of entitlement's source. example: 2c91808b6e9e6fb8016eec1a2b6f7b5f name: type: string description: Display name of entitlement's source. example: ODS-HR-Employees type: type: string example: SOURCE description: Type of object. segments: type: array description: Segments with the entitlement. items: $ref: '#/components/schemas/BaseSegment' segmentCount: type: integer description: Number of segments with the role. format: int32 example: 1 requestable: type: boolean description: Indicates whether the entitlement is requestable. default: false example: false cloudGoverned: type: boolean description: Indicates whether the entitlement is cloud governed. default: false example: false created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' privileged: type: boolean description: Indicates whether the entitlement is privileged. default: false example: false tags: $ref: '#/components/schemas/Tags' attribute: type: string description: Attribute information for the entitlement. example: groups value: type: string description: Value of the entitlement. example: 1733ff75-441e-4327-9bfc-3ac445fd8cd1 sourceSchemaObjectType: type: string description: Source schema object type of the entitlement. example: group schema: type: string description: Schema type of the entitlement. example: group hash: type: string description: Read-only calculated hash value of an entitlement. example: c6fab95235584cca98a454a2f51e5683bc77d6a0 attributes: type: object additionalProperties: true description: Attributes of the entitlement. truncatedAttributes: type: array description: Truncated attributes of the entitlement. items: type: string containsDataAccess: type: boolean description: Indicates whether the entitlement contains data access. default: false manuallyUpdatedFields: type: object description: Indicates whether the entitlement's display name and/or description have been manually updated. nullable: true properties: DESCRIPTION: type: boolean default: false example: false DISPLAY_NAME: type: boolean default: false example: false permissions: type: array items: type: object properties: target: type: string description: The target the permission would grants rights on. example: SYS.GV_$TRANSACTION rights: type: array description: All the rights (e.g. actions) that this permission allows on the target items: type: string example: SELECT EntitlementSummary: $ref: '#/components/schemas/AccessProfileEntitlement' Event: $ref: '#/components/schemas/EventDocument' IdentityDocument: description: Identity allOf: - $ref: '#/components/schemas/BaseDocument' - $ref: '#/components/schemas/DisplayReference' - type: object properties: displayName: type: string example: Carol.Adams description: Identity's display name. firstName: type: string description: Identity's first name. example: Carol lastName: type: string description: Identity's last name. example: Adams email: type: string description: Identity's primary email address. example: Carol.Adams@sailpointdemo.com created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' phone: type: string description: Identity's phone number. example: +1 440-527-3672 synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. inactive: type: boolean description: Indicates whether the identity is inactive. default: false example: false protected: type: boolean description: Indicates whether the identity is protected. default: false example: false status: type: string description: Identity's status in SailPoint. example: UNREGISTERED employeeNumber: type: string description: Identity's employee number. example: 1a2a3d4e manager: type: object description: Identity's manager. nullable: true properties: id: type: string description: ID of identity's manager. example: 2c9180867dfe694b017e208e27c05799 name: type: string description: Name of identity's manager. example: Amanda.Ross displayName: type: string description: Display name of identity's manager. example: Amanda.Ross isManager: type: boolean description: Indicates whether the identity is a manager of other identities. example: false identityProfile: type: object description: Identity's identity profile. properties: id: type: string description: Identity profile's ID. example: 3bc8ad26b8664945866b31339d1ff7d2 name: type: string description: Identity profile's name. example: HR Employees source: type: object description: Identity's source. properties: id: type: string description: ID of identity's source. example: 2c91808b6e9e6fb8016eec1a2b6f7b5f name: type: string description: Display name of identity's source. example: ODS-HR-Employees attributes: type: object description: Map or dictionary of key/value pairs. additionalProperties: true example: country: US firstname: Carol cloudStatus: UNREGISTERED disabled: type: boolean description: Indicates whether the identity is disabled. default: false example: false locked: type: boolean description: Indicates whether the identity is locked. default: false example: false processingState: type: string description: Identity's processing state. nullable: true example: ERROR processingDetails: $ref: '#/components/schemas/ProcessingDetails' description: Identity's processing details. nullable: true accounts: type: array description: List of accounts associated with the identity. items: $ref: '#/components/schemas/BaseAccount' accountCount: type: integer description: Number of accounts associated with the identity. format: int32 example: 3 apps: type: array description: List of applications the identity has access to. items: $ref: '#/components/schemas/App' appCount: type: integer format: int32 description: Number of applications the identity has access to. example: 2 access: type: array description: List of access items assigned to the identity. items: $ref: '#/components/schemas/IdentityAccess' accessCount: type: integer format: int32 description: Number of access items assigned to the identity. example: 5 entitlementCount: type: integer format: int32 description: Number of entitlements assigned to the identity. example: 10 roleCount: type: integer format: int32 description: Number of roles assigned to the identity. example: 1 accessProfileCount: type: integer format: int32 description: Number of access profiles assigned to the identity. example: 1 owns: type: array description: Access items the identity owns. items: $ref: '#/components/schemas/Owns' ownsCount: type: integer format: int32 description: Number of access items the identity owns. example: 5 tags: $ref: '#/components/schemas/Tags' tagsCount: type: integer format: int32 description: Number of tags on the identity. visibleSegments: type: array description: List of segments that the identity is in. items: type: string nullable: true example: - All Employees visibleSegmentCount: type: integer format: int32 description: Number of segments the identity is in. example: 1 IdentityProfile: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object required: - authoritativeSource properties: description: type: string description: Identity profile's description. example: My custom flat file profile nullable: true owner: type: object description: Identity profile's owner. nullable: true properties: type: type: string enum: - IDENTITY description: Owner's object type. example: IDENTITY id: type: string description: Owner's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Owner's name. example: William Wilson priority: type: integer format: int64 description: Identity profile's priority. example: 10 authoritativeSource: type: object properties: type: type: string enum: - SOURCE description: Authoritative source's object type. example: SOURCE id: type: string description: Authoritative source's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Authoritative source's name. example: HR Active Directory identityRefreshRequired: type: boolean default: false description: Set this value to 'True' if an identity refresh is necessary. You would typically want to trigger an identity refresh when a change has been made on the source. example: true identityCount: type: integer description: Number of identities belonging to the identity profile. format: int32 example: 8 identityAttributeConfig: $ref: '#/components/schemas/IdentityAttributeConfig' identityExceptionReportReference: $ref: '#/components/schemas/IdentityExceptionReportReference' hasTimeBasedAttr: description: Indicates the value of `requiresPeriodicRefresh` attribute for the identity profile. type: boolean default: false example: true IdentityReferenceWithNameAndEmail: type: object title: Identity Reference With Name And Email nullable: true properties: type: type: string description: The type can only be IDENTITY. This is read-only. example: IDENTITY id: type: string description: Identity ID. example: 5168015d32f890ca15812c9180835d2e name: type: string description: Identity's human-readable display name. This is read-only. example: Alison Ferguso email: type: string nullable: true description: Identity's email address. This is read-only. example: alison.ferguso@identitysoon.com ProvisioningConfig: type: object title: Provisioning Config description: Specification of a Service Desk integration provisioning configuration. properties: universalManager: description: Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed. type: boolean readOnly: true default: false example: true managedResourceRefs: description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. type: array items: allOf: - $ref: '#/components/schemas/ServiceDeskSource' example: - type: SOURCE id: 2c9180855d191c59015d291ceb051111 name: My Source 1 - type: SOURCE id: 2c9180855d191c59015d291ceb052222 name: My Source 2 planInitializerScript: description: This is a reference to a plan initializer script. type: object nullable: true properties: source: description: This is a Rule that allows provisioning instruction changes. type: string example: | \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n noProvisioningRequests: description: Name of an attribute that when true disables the saving of ProvisioningRequest objects whenever plans are sent through this integration. type: boolean default: false example: true provisioningRequestExpiration: description: When saving pending requests is enabled, this defines the number of hours the request is allowed to live before it is considered expired and no longer affects plan compilation. type: integer format: int32 example: 7 ProvisioningPolicy: $ref: '#/components/schemas/ProvisioningPolicyDto' QueuedCheckConfigDetails: description: Configuration of maximum number of days and interval for checking Service Desk integration queue status. required: - provisioningStatusCheckIntervalMinutes - provisioningMaxStatusCheckDays type: object title: Queued Check Config Details properties: provisioningStatusCheckIntervalMinutes: description: Interval in minutes between status checks type: string example: 30 provisioningMaxStatusCheckDays: description: Maximum number of days to check type: string example: 2 Reassignment: type: object title: Reassignment nullable: true properties: from: $ref: '#/components/schemas/CertificationReference' comment: type: string description: The comment entered when the Certification was reassigned example: Reassigned for a reason ReassignmentReference: $ref: '#/components/schemas/ReassignReference' RemediationItems: $ref: '#/components/schemas/RemediationItemDetails' RequestableObject: type: object title: Requestable Object properties: id: type: string description: Id of the requestable object itself example: 2c9180835d2e5168015d32f890ca1581 name: type: string description: Human-readable display name of the requestable object example: Applied Research Access created: type: string format: date-time example: '2017-07-11T18:45:37.098Z' description: The time when the requestable object was created modified: nullable: true type: string format: date-time example: '2018-06-25T20:22:28.104Z' description: The time when the requestable object was last modified description: type: string description: Description of the requestable object. example: Access to research information, lab results, and schematics. nullable: true type: $ref: '#/components/schemas/RequestableObjectType' requestStatus: allOf: - $ref: '#/components/schemas/RequestableObjectRequestStatus' - nullable: true identityRequestId: type: string description: If *requestStatus* is *PENDING*, indicates the id of the associated account activity. nullable: true example: null ownerRef: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' requestCommentsRequired: type: boolean description: Whether the requester must provide comments when requesting the object. example: false RequestableObjectType: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: Currently supported requestable object types. example: ACCESS_PROFILE RequestableObjectRequestStatus: type: string enum: - AVAILABLE - PENDING - ASSIGNED - null description: Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results. example: AVAILABLE Reviewer: type: object title: Reviewer properties: id: type: string description: The id of the reviewer. example: ef38f94347e94562b5bb8424a56397d8 name: type: string description: The name of the reviewer. example: Reviewer Name email: type: string description: The email of the reviewing identity. example: reviewer@test.com type: type: string enum: - IDENTITY description: The type of the reviewing identity. example: IDENTITY created: nullable: true example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: The created date of the reviewing identity. modified: nullable: true example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: The modified date of the reviewing identity. RoleDocument: description: Role allOf: - $ref: '#/components/schemas/BaseAccess' - type: object required: - id - name properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of the role. name: type: string example: Branch Manager Access description: Name of the role. accessProfiles: type: array description: Access profiles included with the role. nullable: true items: $ref: '#/components/schemas/BaseAccessProfile' accessProfileCount: type: integer description: Number of access profiles included with the role. nullable: true format: int32 example: 1 tags: $ref: '#/components/schemas/Tags' nullable: true segments: type: array description: Segments with the role. nullable: true items: $ref: '#/components/schemas/BaseSegment' segmentCount: type: integer description: Number of segments with the role. nullable: true format: int32 example: 1 entitlements: type: array description: Entitlements included with the role. nullable: true items: allOf: - $ref: '#/components/schemas/BaseEntitlement' - properties: sourceSchemaObjectType: type: string description: Schema objectType. example: group hash: type: string description: Read-only calculated hash value of an entitlement. example: c6fab95235584cca98a454a2f51e5683bc77d6a0 entitlementCount: type: integer description: Number of entitlements included with the role. nullable: true format: int32 example: 3 dimensional: type: boolean example: false default: false dimensionSchemaAttributeCount: type: integer description: Number of dimension attributes included with the role. nullable: true format: int32 example: 3 dimensionSchemaAttributes: type: array description: Dimension attributes included with the role. nullable: true items: type: object properties: derived: type: boolean example: true default: true displayName: type: string description: Displayname of the dimension attribute. example: Department name: type: string description: Name of the dimension attribute. example: department dimensions: type: array nullable: true items: type: object properties: id: type: string description: Unique ID of the dimension. example: b3c28992ba964a40a7598978139d1ced name: type: string description: Name of the dimension. example: Manager Austin Branch description: type: string nullable: true description: Description of the dimension. example: Managers located at the Austin branch entitlements: type: array description: Entitlements included with the role. nullable: true items: allOf: - $ref: '#/components/schemas/BaseEntitlement' - properties: sourceSchemaObjectType: type: string description: Schema objectType. example: group hash: type: string description: Read-only calculated hash value of an entitlement. example: c6fab95235584cca98a454a2f51e5683bc77d6a0 accessProfiles: type: array nullable: true description: Access profiles included in the dimension. items: $ref: '#/components/schemas/BaseAccessProfile' RoleSummary: $ref: '#/components/schemas/AccessProfileRole' SearchDocument: type: object oneOf: - $ref: '#/components/schemas/AccessProfileDocument' - $ref: '#/components/schemas/AccountActivityDocument' - $ref: '#/components/schemas/EntitlementDocument' - $ref: '#/components/schemas/EventDocument' - $ref: '#/components/schemas/IdentityDocument' - $ref: '#/components/schemas/RoleDocument' SavedSearch: type: object allOf: - type: object properties: id: description: | The saved search ID. type: string example: 0de46054-fe90-434a-b84e-c6b3359d0c64 owner: description: | The owner of the saved search. $ref: '#/components/schemas/TypedReference' ownerId: type: string description: The ID of the identity that owns this saved search. example: 2c91808568c529c60168cca6f90c1313 public: type: boolean description: Whether this saved search is visible to anyone but the owner. This field will always be false as there is no way to set a saved search as public at this time. default: false example: false - $ref: '#/components/schemas/SavedSearchName' - $ref: '#/components/schemas/SavedSearchDetail' Schedule: type: object description: The schedule information. properties: type: $ref: '#/components/schemas/ScheduleType' months: allOf: - $ref: '#/components/schemas/Selector' - description: | The months to execute the search. This only applies to schedules with a type of `ANNUALLY`. example: type: LIST values: - '3' - '6' - '9' - '12' nullable: true days: allOf: - $ref: '#/components/schemas/Selector' - description: | The days to execute the search. If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. If `type` is `MONTHLY` or `ANNUALLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. example: type: LIST values: - MON - WED - FRI nullable: true hours: allOf: - $ref: '#/components/schemas/Selector' - description: The hours selected. example: type: RANGE values: - '9' - '18' interval: 3 expiration: description: The schedule expiration date. Latest possible expiration date is '2038-01-19T03:14:07+0000' $ref: '#/components/schemas/DateTime' timeZoneId: description: The canonical TZ identifier the schedule will run in (ex. America/New_York). If no timezone is specified, the org's default timezone is used. nullable: true type: string example: America/Chicago required: - type - hours ScheduledSearch: type: object allOf: - type: object properties: id: description: The scheduled search ID. type: string example: 0de46054-fe90-434a-b84e-c6b3359d0c64 readOnly: true owner: description: The owner of the scheduled search readOnly: true type: object properties: type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY id: type: string description: The ID of the referenced object example: 2c9180867624cbd7017642d8c8c81f67 required: - type - id ownerId: description: | The ID of the scheduled search owner. Please use the `id` in the `owner` object instead. type: string example: 2c9180867624cbd7017642d8c8c81f67 readOnly: true deprecated: true - $ref: '#/components/schemas/ScheduledSearchName' - $ref: '#/components/schemas/SearchSchedule' required: - id - owner - ownerId ServiceDeskIntegrationDto: allOf: - type: object description: Service Desk integration's specification. required: - name - description - type - attributes properties: id: type: string description: Unique identifier for the Service Desk integration example: 62945a496ef440189b1f03e3623411c8 name: description: Service Desk integration's name. The name must be unique. type: string example: Service Desk Integration Name created: type: string format: date-time description: The date and time the Service Desk integration was created example: '2024-01-17T18:45:25.994Z' modified: type: string format: date-time description: The date and time the Service Desk integration was last modified example: '2024-02-18T18:45:25.994Z' description: description: Service Desk integration's description. type: string example: A very nice Service Desk integration type: description: | Service Desk integration types: - ServiceNowSDIM - ServiceNow type: string default: ServiceNowSDIM example: ServiceNowSDIM ownerRef: allOf: - $ref: '#/components/schemas/OwnerDto' clusterRef: allOf: - $ref: '#/components/schemas/SourceClusterDto' cluster: description: Cluster ID for the Service Desk integration (replaced by clusterRef, retained for backward compatibility). type: string example: xyzzy999 deprecated: true nullable: true managedSources: description: Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility). type: array items: type: string deprecated: true example: - 2c9180835d191a86015d28455b4a2329 - 2c5680835d191a85765d28455b4a9823 provisioningConfig: description: The 'provisioningConfig' property specifies the configuration used to provision integrations. $ref: '#/components/schemas/ProvisioningConfig' attributes: description: Service Desk integration's attributes. Validation constraints enforced by the implementation. type: object additionalProperties: true example: property: value key: value beforeProvisioningRule: allOf: - $ref: '#/components/schemas/BeforeProvisioningRuleDto' ServiceDeskIntegrationTemplateDto: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object description: This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations. required: - type - attributes - provisioningConfig properties: type: description: The 'type' property specifies the type of the Service Desk integration template. type: string example: Web Service SDIM default: Web Service SDIM attributes: description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template. type: object additionalProperties: true example: property: value key: value provisioningConfig: description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template. $ref: '#/components/schemas/ProvisioningConfig' ServiceDeskIntegrationTemplateType: description: This represents a Service Desk Integration template type. required: - type - scriptName type: object title: Service Desk Integration Template Type properties: name: description: This is the name of the type. example: aName type: string type: description: This is the type value for the type. example: aType type: string scriptName: description: This is the scriptName attribute value for the type. example: aScriptName type: string Source: type: object title: Source properties: id: type: string readOnly: true description: Source ID. example: 2c91808568c529c60168cca6f90c1324 name: type: string description: Source's human-readable name. example: My Source description: type: string description: Source's human-readable description. example: This is the corporate directory. owner: description: Reference to identity object who owns the source. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - IDENTITY example: IDENTITY id: type: string description: Owner identity's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Owner identity's human-readable display name. example: MyName cluster: description: Reference to the source's associated cluster. type: object nullable: true required: - name - id - type properties: type: description: Type of object being referenced. type: string enum: - CLUSTER example: CLUSTER id: type: string description: Cluster ID. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: Cluster's human-readable display name. example: Corporate Cluster accountCorrelationConfig: description: Reference to account correlation config object. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - ACCOUNT_CORRELATION_CONFIG example: ACCOUNT_CORRELATION_CONFIG id: type: string description: Account correlation config ID. example: 2c9180855d191c59015d28583727245a name: type: string description: Account correlation config's human-readable display name. example: Directory [source-62867] Account Correlation accountCorrelationRule: description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule managerCorrelationMapping: allOf: - $ref: '#/components/schemas/ManagerCorrelationMapping' - nullable: true description: | Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity. managerCorrelationRule: description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule beforeProvisioningRule: description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. ' type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule schemas: type: array items: type: object properties: type: description: Type of object being referenced. type: string enum: - CONNECTOR_SCHEMA example: CONNECTOR_SCHEMA id: type: string description: Schema ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Schema's human-readable display name. example: MySchema description: List of references to schema objects. example: - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232a name: account - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232b name: group passwordPolicies: type: array nullable: true items: type: object properties: type: description: Type of object being referenced. type: string enum: - PASSWORD_POLICY example: PASSWORD_POLICY id: type: string description: Policy ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Policy's human-readable display name. example: My Password Policy description: List of references to the associated PasswordPolicy objects. example: - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb053980 name: Corporate Password Policy - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb057777 name: Vendor Password Policy features: $ref: '#/components/schemas/SourceFeature' type: type: string description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. ' example: OpenLDAP - Direct connector: type: string description: Connector script name. example: active-directory connectorClass: type: string description: Fully qualified name of the Java class that implements the connector interface. example: sailpoint.connector.LDAPConnector connectorAttributes: type: object description: Connector specific configuration. This configuration will differ from type to type. example: healthCheckTimeout: 30 authSearchAttributes: - cn - uid - mail deleteThreshold: type: integer format: int32 description: Number from 0 to 100 that specifies when to skip the delete phase. example: 10 authoritative: type: boolean description: When this is true, it indicates that the source is referenced by an identity profile. default: false example: false managementWorkgroup: description: Reference to management workgroup for the source. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - GOVERNANCE_GROUP example: GOVERNANCE_GROUP id: type: string description: Management workgroup ID. example: 2c91808568c529c60168cca6f90c2222 name: type: string description: Management workgroup's human-readable display name. example: My Management Workgroup healthy: type: boolean description: When this is true, it indicates that the source is healthy. default: false example: true status: type: string enum: - SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT - SOURCE_STATE_ERROR_CLUSTER - SOURCE_STATE_ERROR_SOURCE - SOURCE_STATE_ERROR_VA - SOURCE_STATE_FAILURE_CLUSTER - SOURCE_STATE_FAILURE_SOURCE - SOURCE_STATE_HEALTHY - SOURCE_STATE_UNCHECKED_CLUSTER - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES - SOURCE_STATE_UNCHECKED_SOURCE - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS description: 'Status identifier that gives specific information about why a source is or isn''t healthy. ' example: SOURCE_STATE_HEALTHY since: type: string description: Timestamp that shows when a source health check was last performed. example: '2021-09-28T15:48:29.3801666300Z' connectorId: type: string description: Connector ID example: active-directory connectorName: type: string description: Name of the connector that was chosen during source creation. example: Active Directory connectionType: type: string description: Type of connection (direct or file). example: file connectorImplementationId: type: string description: Connector implementation ID. example: delimited-file created: type: string description: Date-time when the source was created format: date-time example: '2022-02-08T14:50:03.827Z' modified: type: string description: Date-time when the source was last modified. format: date-time example: '2024-01-23T18:08:50.897Z' credentialProviderEnabled: type: boolean description: If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials. default: false example: false category: type: string nullable: true default: null description: Source category (e.g. null, CredentialProvider). example: CredentialProvider required: - name - owner - connector SourceHealthDto: type: object title: Source Health Dto description: Dto for source health data properties: id: type: string readOnly: true description: the id of the Source example: 2c91808568c529c60168cca6f90c1324 type: type: string description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc.. If you are creating a Delimited File source, you must set the `provisionasCsv` query parameter to `true`. ' example: OpenLDAP - Direct name: type: string description: the name of the source example: Source1234 org: type: string description: source's org example: denali-cjh isAuthoritative: type: boolean example: false description: Is the source authoritative isCluster: type: boolean example: false description: Is the source in a cluster hostname: type: string example: megapod-useast1-secret-hostname.sailpoint.com description: source's hostname pod: type: string description: source's pod example: megapod-useast1 iqServiceVersion: type: string nullable: true description: The version of the iqService example: iqVersion123 status: type: string enum: - SOURCE_STATE_ERROR_CLUSTER - SOURCE_STATE_ERROR_SOURCE - SOURCE_STATE_ERROR_VA - SOURCE_STATE_FAILURE_CLUSTER - SOURCE_STATE_FAILURE_SOURCE - SOURCE_STATE_HEALTHY - SOURCE_STATE_UNCHECKED_CLUSTER - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES - SOURCE_STATE_UNCHECKED_SOURCE - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS - SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT description: connection test result example: SOURCE_STATE_UNCHECKED_SOURCE SourceSchedule: $ref: '#/components/schemas/Schedule-3' Transform: type: object title: Transform description: The representation of an internally- or customer-defined transform. required: - name - type - attributes properties: name: type: string description: Unique name of this transform example: Timestamp To Date minLength: 1 maxLength: 50 type: type: string description: The type of transform operation enum: - accountAttribute - base64Decode - base64Encode - concat - conditional - dateCompare - dateFormat - dateMath - decomposeDiacriticalMarks - e164phone - firstValid - rule - identityAttribute - indexOf - iso3166 - lastIndexOf - leftPad - lookup - lower - normalizeNames - randomAlphaNumeric - randomNumeric - reference - replaceAll - replace - rightPad - split - static - substring - trim - upper - usernameGenerator - uuid - displayName - rfc5646 example: dateFormat externalDocs: description: Transform Operations url: https://developer.sailpoint.com/docs/extensibility/transforms/operations attributes: nullable: true description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. oneOf: - $ref: '#/components/schemas/AccountAttribute' - $ref: '#/components/schemas/Base64Decode' - $ref: '#/components/schemas/Base64Encode' - $ref: '#/components/schemas/Concatenation' - $ref: '#/components/schemas/Conditional' - $ref: '#/components/schemas/DateCompare' - $ref: '#/components/schemas/DateFormat' - $ref: '#/components/schemas/DateMath' - $ref: '#/components/schemas/DecomposeDiacriticalMarks' - $ref: '#/components/schemas/E164phone' - $ref: '#/components/schemas/FirstValid' - $ref: '#/components/schemas/Rule' - $ref: '#/components/schemas/IdentityAttribute' - $ref: '#/components/schemas/IndexOf' - $ref: '#/components/schemas/ISO3166' - $ref: '#/components/schemas/LeftPad' - $ref: '#/components/schemas/Lookup' - $ref: '#/components/schemas/Lower' - $ref: '#/components/schemas/NameNormalizer' - $ref: '#/components/schemas/RandomAlphaNumeric' - $ref: '#/components/schemas/RandomNumeric' - $ref: '#/components/schemas/Reference-2' - $ref: '#/components/schemas/ReplaceAll' - $ref: '#/components/schemas/Replace' - $ref: '#/components/schemas/RightPad' - $ref: '#/components/schemas/Split' - $ref: '#/components/schemas/Static' - $ref: '#/components/schemas/Substring' - $ref: '#/components/schemas/Trim' - $ref: '#/components/schemas/Upper' - $ref: '#/components/schemas/UUIDGenerator' WorkItems: type: object title: Work Items properties: id: type: string description: ID of the work item example: 2c9180835d2e5168015d32f890ca1581 requesterId: type: string description: ID of the requester example: 2c9180835d2e5168015d32f890ca1581 nullable: true requesterDisplayName: type: string description: The displayname of the requester example: John Smith nullable: true ownerId: type: string description: The ID of the owner example: 2c9180835d2e5168015d32f890ca1581 nullable: true ownerName: type: string description: The name of the owner example: Jason Smith created: type: string format: date-time example: '2017-07-11T18:45:37.098Z' description: Time when the work item was created modified: type: string format: date-time example: '2018-06-25T20:22:28.104Z' description: Time when the work item was last updated nullable: true description: type: string description: The description of the work item example: Create account on source 'AD' state: $ref: '#/components/schemas/WorkItemStateManualWorkItems' type: $ref: '#/components/schemas/WorkItemTypeManualWorkItems' remediationItems: type: array nullable: true items: $ref: '#/components/schemas/RemediationItemDetails' description: A list of remediation items approvalItems: type: array nullable: true items: $ref: '#/components/schemas/ApprovalItemDetails' description: A list of items that need to be approved name: type: string description: The work item name example: Account Create nullable: true completed: type: string format: date-time example: '2018-10-19T13:49:37.385Z' description: The time at which the work item completed nullable: true numItems: type: integer format: int32 description: The number of items in the work item example: 19 nullable: true form: allOf: - $ref: '#/components/schemas/FormDetails' - nullable: true errors: type: array items: type: string example: - The work item ID that was specified was not found. description: An array of errors that ocurred during the work item WorkItemsCount: type: object title: Work Items Count properties: count: type: integer description: The count of work items example: 29 WorkItemsSummary: type: object title: Work Items Summary properties: open: type: integer description: The count of open work items example: 29 completed: type: integer description: The count of completed work items example: 1 total: type: integer description: The count of total work items example: 30 AccountUsage: type: object title: Account Usage properties: date: type: string format: date description: The first day of the month for which activity is aggregated. example: '2023-04-21' count: type: integer format: int64 description: The number of days within the month that the account was active in a source. example: 10 SourceUsage: type: object title: Source Usage properties: date: type: string format: date description: The first day of the month for which activity is aggregated. example: '2023-04-21' count: type: number format: float description: The average number of days that accounts were active within this source, for the month. example: 10.45 SourceUsageStatus: type: object title: Source Usage Status properties: status: type: string description: |- Source Usage Status. Acceptable values are: - COMPLETE - This status means that an activity data source has been setup and usage insights are available for the source. - INCOMPLETE - This status means that an activity data source has not been setup and usage insights are not available for the source. example: COMPLETE enum: - COMPLETE - INCOMPLETE BrandingItem: type: object title: Branding Item properties: name: type: string description: name of branding item example: default productName: type: string description: product name example: product name nullable: true actionButtonColor: type: string description: hex value of color for action button example: 0074D9 nullable: true activeLinkColor: type: string description: hex value of color for link example: '011E69' nullable: true navigationColor: type: string description: hex value of color for navigation bar example: '011E69' nullable: true emailFromAddress: type: string description: email from address example: no-reply@sailpoint.com nullable: true standardLogoURL: type: string description: url to standard logo example: '' nullable: true loginInformationalMessage: type: string description: login information message example: '' nullable: true BrandingItemCreate: type: object title: Branding Item Create required: - name - productName properties: name: type: string description: name of branding item example: custom-branding-item productName: type: string description: product name example: product name nullable: true actionButtonColor: type: string description: hex value of color for action button example: 0074D9 activeLinkColor: type: string description: hex value of color for link example: '011E69' navigationColor: type: string description: hex value of color for navigation bar example: '011E69' emailFromAddress: type: string description: email from address example: no-reply@sailpoint.com loginInformationalMessage: type: string description: login information message example: '' fileStandard: type: string format: binary description: png file with logo example: \x00\x00\x00\x02 RoleBulkUpdateResponse: type: object properties: id: type: string description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status. example: 2c9180867817ac4d017817c491119a20 type: type: string description: Type of the bulk update object. example: Role status: type: string description: The status of the bulk update request, could also checked by getBulkUpdateStatus API enum: - CREATED - PRE_PROCESS - PRE_PROCESS_COMPLETED - POST_PROCESS - COMPLETED - CHUNK_PENDING - CHUNK_PROCESSING example: CREATED created: type: string description: Time when the bulk update request was created format: date-time example: '2020-10-08T18:33:52.029Z' RoleGetAllBulkUpdateResponse: type: object properties: id: type: string description: ID of the task which is executing the bulk update. This also used in to the bulk-update/** API to track status. example: 2c9180867817ac4d017817c491119a20 type: type: string description: Type of the bulk update object. example: Role status: type: string description: The status of the bulk update request, only list unfinished request's status, the status could also checked by getBulkUpdateStatus API enum: - CREATED - PRE_PROCESS - POST_PROCESS - CHUNK_PENDING - CHUNK_PROCESSING example: CREATED created: type: string description: Time when the bulk update request was created format: date-time example: '2020-10-08T18:33:52.029Z' RoleListFilterDTO: description: AMMFilterValues type: object properties: filters: type: string description: |- Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in* **name**: *eq, sw* **created**: *gt, lt, ge, le* **modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* example: dimensional eq false nullable: true ammKeyValues: nullable: true type: array items: type: object properties: attribute: description: attribute key of a metadata. type: string example: iscFederalClassifications values: description: A list of attribute key names to filter roles. If the values is empty, will only filter by attribute key. type: array items: type: string example: secret example: - secret example: - attribute: iscFederalClassifications values: - secret RoleMetadataBulkUpdateByFilterRequest: description: This API initialize a a Bulk update by filter request of Role metadata. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed. type: object properties: filters: description: |- Filtering is supported for the following fields and operators: **id** : *eq, in* **name** : *eq, sw* **created** : *gt, lt, ge, le* **modified** : *gt, lt, ge, le* **owner.id** : *eq, in* **requestable** : *eq* type: string example: ' requestable eq false' operation: description: The operation to be performed type: string enum: - ADD - REMOVE - REPLACE example: REPLACE replaceScope: description: The choice of update scope. type: string enum: - ALL - ATTRIBUTE example: ALL values: description: The metadata to be updated, including attribute key and value. type: array nullable: false items: type: object required: - attribute - values properties: attributeKey: type: string description: the key of metadata attribute example: iscFederalClassifications values: type: array description: the values of attribute to be updated items: type: string example: secret nullable: true example: - secret example: - attribute: iscFederalClassifications values: - topSecret required: - filters - operation - values RoleMetadataBulkUpdateByIdRequest: description: This API initialize a Bulk update by Id request of Role metadata. The maximum role count in a single update request is 3000. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed. type: object properties: roles: description: Roles' Id to be updated type: array items: type: string example: - b1db89554cfa431cb8b9921ea38d9367 operation: description: The operation to be performed type: string enum: - ADD - REMOVE - REPLACE example: REPLACE replaceScope: description: The choice of update scope. type: string enum: - ALL - ATTRIBUTE example: ALL values: description: The metadata to be updated, including attribute key and value. type: array nullable: false items: type: object required: - attribute - values properties: attribute: type: string description: the key of metadata attribute example: iscFederalClassifications values: type: array description: the values of attribute to be updated items: type: string example: secret nullable: true example: - secret example: - attribute: iscFederalClassifications values: - topSecret required: - roles - operation - values RoleMetadataBulkUpdateByQueryRequest: description: |- Bulk update by query request of Role metadata. The maximum meta data values that one single role assigned can not exceed 25. Custom metadata need suit licensed. For more information about the query could refer to [V3 API Perform Search](https://developer.sailpoint.com/docs/api/v3/search-post) type: object properties: query: description: query the identities to be updated type: object items: $ref: '#/components/schemas/Search' example: query": indices: - roles queryType: TEXT textQuery: terms: - test123 fields: - id matchAny: false contains: true includeNested: false operation: description: The operation to be performed type: string enum: - ADD - REMOVE - REPLACE example: REPLACE replaceScope: description: The choice of update scope. type: string enum: - ALL - ATTRIBUTE example: ALL values: description: The metadata to be updated, including attribute key and value. type: array nullable: false items: type: object required: - attribute - values properties: attributeKey: type: string description: the key of metadata attribute example: iscFederalClassifications attributeValue: type: array description: the values of attribute to be updated items: type: string example: topSecret example: - topSecret required: - query - operation - values OwnerReference: type: object nullable: true description: Owner of the object. properties: type: type: string enum: - IDENTITY description: Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result. example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. example: support AccessProfileSourceRef: type: object properties: id: type: string description: ID of the source the access profile is associated with. example: 2c91809773dee3610173fdb0b6061ef4 type: type: string enum: - SOURCE description: Source's DTO type. example: SOURCE name: type: string description: Source name. example: ODS-AD-SOURCE EntitlementRef: type: object description: Entitlement including a specific set of access. properties: type: type: string description: Entitlement's DTO type. enum: - ENTITLEMENT example: ENTITLEMENT id: type: string description: Entitlement's ID. example: 2c91809773dee32014e13e122092014e name: type: string nullable: true description: Entitlement's display name. example: CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local AccessDuration: type: object nullable: true properties: value: type: integer description: The numeric value representing the amount of time, which is defined in the **timeUnit**. format: int32 example: 6 timeUnit: type: string description: The unit of time that corresponds to the **value**. It defines the scale of the time period. enum: - HOURS - DAYS - WEEKS - MONTHS example: MONTHS AccessProfileApprovalScheme: type: object properties: approverType: type: string enum: - APP_OWNER - OWNER - SOURCE_OWNER - MANAGER - GOVERNANCE_GROUP - WORKFLOW description: |- Describes the individual or group that is responsible for an approval step. These are the possible values: **APP_OWNER**: The owner of the Application **OWNER**: Owner of the associated Access Profile or Role **SOURCE_OWNER**: Owner of the Source associated with an Access Profile **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field **WORKFLOW**: A Workflow, the ID of which is specified by the **approverId** field. Workflow is exclusive to other types of approvals and License required. example: GOVERNANCE_GROUP approverId: type: string nullable: true description: Id of the specific approver, used when approverType is GOVERNANCE_GROUP or WORKFLOW. example: 46c79819-a69f-49a2-becb-12c971ae66c6 Requestability: type: object nullable: true properties: commentsRequired: type: boolean description: Indicates whether the requester of the containing object must provide comments justifying the request. example: true nullable: true default: false denialCommentsRequired: type: boolean description: Indicates whether an approver must provide comments when denying the request. example: true nullable: true default: false reauthorizationRequired: type: boolean description: Indicates whether reauthorization is required for the request. example: true nullable: true default: false requireEndDate: type: boolean description: Indicates whether the requester of the containing object must provide access end date. example: true nullable: true default: false maxPermittedAccessDuration: $ref: '#/components/schemas/AccessDuration' nullable: true approvalSchemes: type: array nullable: true description: List describing the steps involved in approving the request. items: $ref: '#/components/schemas/AccessProfileApprovalScheme' Revocability: type: object nullable: true properties: approvalSchemes: type: array nullable: true description: List describing the steps involved in approving the revocation request. items: $ref: '#/components/schemas/AccessProfileApprovalScheme' AttributeValueDTO: type: object properties: value: type: string description: Technical name of the Attribute value. This is unique and cannot be changed after creation. example: public name: type: string description: The display name of the Attribute value. example: Public status: type: string description: The status of the Attribute value. example: active AttributeDTO: type: object properties: key: type: string description: Technical name of the Attribute. This is unique and cannot be changed after creation. example: iscPrivacy name: type: string description: The display name of the key. example: Privacy multiselect: type: boolean default: false description: Indicates whether the attribute can have multiple values. example: false status: type: string description: The status of the Attribute. example: active type: type: string description: The type of the Attribute. This can be either "custom" or "governance". example: governance objectTypes: type: array items: type: string nullable: true description: An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported. example: - entitlement description: type: string description: The description of the Attribute. example: Specifies the level of privacy associated with an access item. values: type: array nullable: true items: $ref: '#/components/schemas/AttributeValueDTO' AttributeDTOList: type: object properties: attributes: type: array nullable: true items: $ref: '#/components/schemas/AttributeDTO' example: - key: iscPrivacy name: Privacy multiselect: false status: active type: governance objectTypes: - all description: Specifies the level of privacy associated with an access item. values: - value: public name: Public status: active ProvisioningCriteriaOperation: type: string enum: - EQUALS - NOT_EQUALS - CONTAINS - HAS - AND - OR description: Supported operations on `ProvisioningCriteria`. example: EQUALS ProvisioningCriteriaLevel3: type: object description: Defines matching criteria for an account to be provisioned with a specific access profile. properties: operation: $ref: '#/components/schemas/ProvisioningCriteriaOperation' attribute: type: string description: Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. example: email nullable: true value: type: string nullable: true description: String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. example: carlee.cert1c9f9b6fd@mailinator.com children: type: string nullable: true description: Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. example: null ProvisioningCriteriaLevel2: type: object description: Defines matching criteria for an account to be provisioned with a specific access profile. properties: operation: $ref: '#/components/schemas/ProvisioningCriteriaOperation' attribute: type: string description: Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. example: email nullable: true value: type: string nullable: true description: String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/ProvisioningCriteriaLevel3' nullable: true description: Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. example: null ProvisioningCriteriaLevel1: type: object nullable: true description: Defines matching criteria for an account to be provisioned with a specific access profile. properties: operation: $ref: '#/components/schemas/ProvisioningCriteriaOperation' attribute: type: string description: Name of the account attribute to be tested. If **operation** is one of `EQUALS`, `NOT_EQUALS`, `CONTAINS`, or `HAS`, this field is required. Otherwise, specifying it results in an error. example: email nullable: true value: type: string nullable: true description: String value to test the account attribute w/r/t the specified operation. If the operation is one of `EQUALS`, `NOT_EQUALS`, or `CONTAINS`, this field is required. Otherwise, specifying it results in an error. If the attribute is not string-typed, the API will convert it to the appropriate type. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/ProvisioningCriteriaLevel2' nullable: true description: Array of child criteria. This field is required if the operation is `AND` or `OR`. Otherwise, it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. example: null AccessProfile: type: object description: Access profile. properties: id: type: string description: Access profile ID. example: 2c91808a7190d06e01719938fcd20792 readOnly: true name: type: string description: Access profile name. example: Employee-database-read-write description: type: string nullable: true description: Access profile description. example: Collection of entitlements to read/write the employee database created: type: string description: Date and time when the access profile was created. format: date-time example: '2021-03-01T22:32:58.104Z' readOnly: true modified: type: string description: Date and time when the access profile was last modified. format: date-time example: '2021-03-02T20:22:28.104Z' readOnly: true enabled: type: boolean default: false description: Indicates whether the access profile is enabled. If it's enabled, you must include at least one entitlement. example: true owner: $ref: '#/components/schemas/OwnerReference' description: Access profile owner. source: $ref: '#/components/schemas/AccessProfileSourceRef' entitlements: type: array nullable: true description: List of entitlements associated with the access profile. If `enabled` is false, this can be empty. Otherwise, it must contain at least one entitlement. items: $ref: '#/components/schemas/EntitlementRef' requestable: type: boolean default: true description: Indicates whether the access profile is requestable by access request. Currently, making an access profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an access profile with a value **false** in this field results in a 400 error. example: true accessRequestConfig: $ref: '#/components/schemas/Requestability' nullable: true description: Access request configuration for the object. revocationRequestConfig: $ref: '#/components/schemas/Revocability' nullable: true description: Revocation request configuration for the object. segments: type: array nullable: true items: type: string description: List of segment IDs, if any, that the access profile is assigned to. example: - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 - 29cb6c06-1da8-43ea-8be4-b3125f248f2a accessModelMetadata: $ref: '#/components/schemas/AttributeDTOList' description: This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result. example: - key: iscFederalClassifications name: Federal Classifications multiselect: true status: active type: governance objectTypes: - general description: Classification used by government organizations to specify the level of confidentiality for an access item. values: - value: secret name: Secret status: active provisioningCriteria: $ref: '#/components/schemas/ProvisioningCriteriaLevel1' description: When an identity has multiple accounts on the source the access profile is associated with, the API evaluates this expression against those accounts to choose one to provision with the access profile. nullable: true example: operation: OR children: - operation: AND children: - attribute: dn operation: CONTAINS value: useast - attribute: manager operation: CONTAINS value: Scott.Clark - operation: AND children: - attribute: dn operation: EQUALS value: Gibson - attribute: telephoneNumber operation: CONTAINS value: '512' additionalOwners: type: array nullable: true items: $ref: '#/components/schemas/OwnerReference' required: - owner - name - source LocaleOrigin: type: string enum: - DEFAULT - REQUEST - null description: An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice. example: DEFAULT nullable: true ErrorMessageDto: type: object title: Error Message Dto properties: locale: type: string description: The locale for the message text, a BCP 47 language tag. example: en-US nullable: true localeOrigin: $ref: '#/components/schemas/LocaleOrigin' text: type: string description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. ErrorResponseDto: type: object title: Error Response Dto properties: detailCode: type: string description: Fine-grained error code providing more detail of the error. example: 400.1 Bad Request Content trackingId: type: string description: Unique tracking id for the error. example: e7eab60924f64aa284175b9fa3309599 messages: type: array description: Generic localized reason for error items: $ref: '#/components/schemas/ErrorMessageDto' causes: type: array description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field items: $ref: '#/components/schemas/ErrorMessageDto' JsonPatchOperation: type: object title: Json Patch Operation description: A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902) required: - op - path properties: op: type: string description: The operation to be performed enum: - add - remove - replace - move - copy - test example: replace path: type: string description: A string JSON Pointer representing the target path to an element to be affected by the operation example: /description value: oneOf: - type: string example: New description title: string - type: boolean example: true title: boolean - type: integer example: 300 title: integer - type: object title: object example: attributes: name: philip - type: array title: array items: anyOf: - type: string - type: integer - type: object example: - '001' - '002' - '003' description: The value to be used for the operation, required for "add" and "replace" operations example: New description AccessProfileBulkDeleteRequest: type: object properties: accessProfileIds: description: List of IDs of Access Profiles to be deleted. type: array items: type: string example: - 2c9180847812e0b1017817051919ecca - 2c9180887812e0b201781e129f151816 bestEffortOnly: description: If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use. type: boolean example: true AccessProfileUsage: type: object properties: accessProfileId: type: string description: ID of the Access Profile that is in use example: 2c91808876438bbb017668c21919ecca usedBy: type: array description: List of references to objects which are using the indicated Access Profile items: type: object description: Role using the access profile. properties: type: type: string description: DTO type of role using the access profile. enum: - ROLE example: ROLE id: type: string description: ID of role using the access profile. example: 2c8180857a9b3da0017aa03418480f9d name: type: string description: Display name of role using the access profile. example: Manager Role AccessProfileBulkDeleteResponse: type: object properties: taskId: type: string description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. example: 2c9180867817ac4d017817c491119a20 pending: type: array description: List of IDs of Access Profiles which are pending deletion. items: type: string example: - 2c91808876438bbb017668c21919ecca - 2c91808876438bb201766e129f151816 inUse: type: array description: List of usages of Access Profiles targeted for deletion. items: $ref: '#/components/schemas/AccessProfileUsage' AccessModelMetadata: type: object title: Access Model Metadata description: Metadata that describes an access item properties: key: type: string description: Unique identifier for the metadata type example: iscCsp name: type: string description: Human readable name of the metadata type example: CSP multiselect: type: boolean default: false example: true description: Allows selecting multiple values status: type: string description: The state of the metadata item example: active type: type: string description: The type of the metadata item example: governance objectTypes: type: array description: The types of objects items: type: string example: general description: type: string description: Describes the metadata item example: Indicates the type of deployment environment of an access item. values: type: array description: The value to assign to the metadata item items: type: object description: An individual value to assign to the metadata item properties: value: type: string description: The value to assign to the metdata item example: development name: type: string description: Display name of the value example: Development status: type: string description: The status of the individual value example: active PermissionDto: type: object title: Permission DTO description: Simplified DTO for the Permission objects stored in SailPoint's database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers. properties: rights: type: array description: All the rights (e.g. actions) that this permission allows on the target readOnly: true items: type: string example: SELECT target: type: string description: The target the permission would grants rights on. readOnly: true example: SYS.GV_$TRANSACTION Entitlement: type: object title: Entitlement properties: id: type: string description: The entitlement id example: 2c91808874ff91550175097daaec161c name: type: string description: The entitlement name example: LauncherTest2 attribute: type: string description: The entitlement attribute name example: memberOf value: type: string description: The value of the entitlement example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local sourceSchemaObjectType: type: string description: The object type of the entitlement from the source schema example: group description: type: string description: The description of the entitlement example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local nullable: true privileged: type: boolean description: True if the entitlement is privileged example: true cloudGoverned: type: boolean description: True if the entitlement is cloud governed example: true requestable: type: boolean description: True if the entitlement is able to be directly requested example: true default: false owner: type: object description: The identity that owns the entitlement nullable: true properties: id: type: string description: The identity ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string enum: - IDENTITY description: The type of object example: IDENTITY name: type: string description: The display name of the identity example: john.doe manuallyUpdatedFields: type: object description: A map of entitlement fields that have been manually updated. The key is the field name in UPPER_SNAKE_CASE format, and the value is true or false to indicate if the field has been updated. nullable: true additionalProperties: true example: DISPLAY_NAME: true DESCRIPTION: true accessModelMetadata: type: object description: Additional data to classify the entitlement properties: attributes: type: array items: $ref: '#/components/schemas/AccessModelMetadata' created: type: string description: Time when the entitlement was created format: date-time example: '2020-10-08T18:33:52.029Z' modified: type: string description: Time when the entitlement was last modified format: date-time example: '2020-10-08T18:33:52.029Z' source: type: object properties: id: type: string description: The source ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string description: The source type, will always be "SOURCE" example: SOURCE name: type: string description: The source name example: ODS-AD-Source attributes: type: object description: A map of free-form key-value pairs from the source system example: fieldName: fieldValue additionalProperties: true segments: type: array items: type: string nullable: true description: List of IDs of segments, if any, to which this Entitlement is assigned. example: - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 - 29cb6c06-1da8-43ea-8be4-b3125f248f2a directPermissions: type: array items: $ref: '#/components/schemas/PermissionDto' AccessRequestType: type: string enum: - GRANT_ACCESS - REVOKE_ACCESS - null description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. example: GRANT_ACCESS nullable: true AccountItemRef: type: object properties: accountUuid: type: string nullable: true description: The uuid for the account, available under the 'objectguid' attribute example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}' nativeIdentity: type: string nullable: false description: The 'distinguishedName' attribute for the account example: CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local SourceItemRef: type: object properties: sourceId: type: string nullable: true description: The id for the source on which account selections are made example: cb89bc2f1ee6445fbea12224c526ba3a accounts: description: A list of account selections on the source. Currently, only one selection per source is supported. type: array items: $ref: '#/components/schemas/AccountItemRef' nullable: true RequestedItemDtoRef: type: object properties: type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of the item being requested. example: ACCESS_PROFILE id: type: string description: ID of Role, Access Profile or Entitlement being requested. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: | Comment provided by requester. * Comment is required when the request is of type Revoke Access. example: Requesting access profile for John Doe clientMetadata: type: object additionalProperties: type: string example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. removeDate: type: string description: | The date and time the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date-time in the future. * The current SLA for the deprovisioning is 24 hours. * This date-time can be used to change the duration of an existing access item assignment for the specified identity. A GRANT_ACCESS request can extend duration or even remove an expiration date, and either a GRANT_ACCESS or REVOKE_ACCESS request can reduce duration or add an expiration date where one has not previously been present. You can change the expiration date in requests for yourself or others you are authorized to request for. format: date-time example: '2020-07-11T21:23:15.000Z' accountSelection: type: array items: $ref: '#/components/schemas/SourceItemRef' nullable: true description: | The accounts where the access item will be provisioned to * Includes selections performed by the user in the event of multiple accounts existing on the same source * Also includes details for sources where user only has one account required: - id - type RequestedForDtoRef: type: object properties: identityId: type: string nullable: false description: The identity id for which the access is requested example: cb89bc2f1ee6445fbea12224c526ba3a requestedItems: description: the details for the access items that are requested for the identity type: array items: $ref: '#/components/schemas/RequestedItemDtoRef' nullable: false required: - identityId - requestedItems RequestedItemDetails: type: object properties: type: type: string description: The type of access item requested. enum: - ACCESS_PROFILE - ENTITLEMENT - ROLE example: ENTITLEMENT id: type: string description: The id of the access item requested. example: 779c6fd7171540bba1184e5946112c28 AccessRequestTracking: type: object properties: requestedFor: type: string description: The identity id in which the access request is for. example: 2c918084660f45d6016617daa9210584 requestedItemsDetails: type: array description: The details of the item requested. example: |- { "type": "ENTITLEMENT", "id": "779c6fd7171540bba1184e5946112c28" } items: $ref: '#/components/schemas/RequestedItemDetails' attributesHash: type: integer format: int32 description: a hash representation of the access requested, useful for longer term tracking client side. example: -1928438224 accessRequestIds: type: array items: type: string description: a list of access request identifiers, generally only one will be populated, but high volume requested may result in multiple ids. example: - 5d3118c518a44ec7805450d53479ccdb AccessRequestResponse: type: object properties: newRequests: description: A list of new access request tracking data mapped to the values requested. type: array items: $ref: '#/components/schemas/AccessRequestTracking' example: - requestedFor: 899fd612ecfc4cf3bf48f14d0afdef89 requestedItemsDetails: - type: ENTITLEMENT id: 779c6fd7171540bba1184e5946112c28 attributesHash: -1928438224 accessRequestIds: - 5d3118c518a44ec7805450d53479ccdb existingRequests: description: A list of existing access request tracking data mapped to the values requested. This indicates access has already been requested for this item. type: array items: $ref: '#/components/schemas/AccessRequestTracking' example: - requestedFor: 899fd612ecfc4cf3bf48f14d0afdef89 requestedItemsDetails: - type: ROLE id: 779c6fd7171540bbc1184e5946112c28 attributesHash: 2843118224 accessRequestIds: - 5d3118c518a44ec7805450d53479ccdc CancelAccessRequest: type: object title: Cancel Access Request description: Request body payload for cancel access request endpoint. required: - accountActivityId - comment properties: accountActivityId: type: string description: This refers to the identityRequestId. To successfully cancel an access request, you must provide the identityRequestId. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: Reason for cancelling the pending access request. example: I requested this role by mistake. CloseAccessRequest: type: object title: Close Access Request description: Request body payload for close access requests endpoint. required: - accessRequestIds properties: accessRequestIds: type: array description: Access Request IDs for the requests to be closed. Accepts 1-500 Identity Request IDs per request. items: type: string example: - 2c90ad2a70ace7d50170acf22ca90010 message: type: string description: Reason for closing the access request. Displayed under Warnings in IdentityNow. default: The IdentityNow Administrator manually closed this request. example: The IdentityNow Administrator manually closed this request. executionStatus: type: string enum: - Terminated - Completed description: The request's provisioning status. Displayed as Stage in IdentityNow. default: Terminated example: Terminated completionStatus: type: string enum: - Success - Incomplete - Failure description: The request's overall status. Displayed as Status in IdentityNow. default: Failure example: Failure BulkCancelAccessRequest: type: object title: Bulk Cancel Access Request description: Request body payload for bulk cancel access request endpoint. required: - accessRequestIds - comment properties: accessRequestIds: type: array description: List of access requests ids to cancel the pending requests items: type: string example: - 2c9180835d2e5168015d32f890ca1581 - 2c9180835d2e5168015d32f890ca1582 comment: type: string description: Reason for cancelling the pending access request. example: I requested this role by mistake. AccountsSelectionRequest: type: object title: Accounts Selection Request properties: requestedFor: description: A list of Identity IDs for whom the Access is requested. type: array items: type: string example: 2c918084660f45d6016617daa9210584 requestType: $ref: '#/components/schemas/AccessRequestType' requestedItems: type: array items: $ref: '#/components/schemas/AccessRequestItem' minItems: 1 maxItems: 25 clientMetadata: type: object additionalProperties: type: string example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app example: requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAppName: test-app description: 'Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. ' required: - requestedFor - requestedItems DtoType: type: string enum: - ACCOUNT_CORRELATION_CONFIG - ACCESS_PROFILE - ACCESS_REQUEST_APPROVAL - ACCOUNT - APPLICATION - CAMPAIGN - CAMPAIGN_FILTER - CERTIFICATION - CLUSTER - CONNECTOR_SCHEMA - ENTITLEMENT - GOVERNANCE_GROUP - IDENTITY - IDENTITY_PROFILE - IDENTITY_REQUEST - MACHINE_IDENTITY - LIFECYCLE_STATE - PASSWORD_POLICY - ROLE - RULE - SOD_POLICY - SOURCE - TAG - TAG_CATEGORY - TASK_RESULT - REPORT_RESULT - SOD_VIOLATION - ACCOUNT_ACTIVITY - WORKGROUP description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. example: IDENTITY AccountInfoRef: type: object properties: uuid: type: string description: The uuid for the account, available under the 'objectguid' attribute example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}' nativeIdentity: type: string description: The 'distinguishedName' attribute for the account example: CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local type: $ref: '#/components/schemas/DtoType' description: DTO type example: ACCOUNT id: type: string description: The account id example: f19d168c27374fd1aff3b483573f997f name: type: string description: The account display name example: UserAccount.761a2248b SourceAccountSelections: type: object properties: type: $ref: '#/components/schemas/DtoType' description: DTO type example: SOURCE id: description: The source id type: string example: 3ac3c43785a845fa9820b0c1ac767cd5 name: description: The source name example: Test Source_Name type: string accounts: description: The accounts information for a particular source in the requested item type: array items: $ref: '#/components/schemas/AccountInfoRef' RequestedItemAccountSelections: type: object properties: description: type: string description: The description for this requested item example: An access profile for the admins accountsSelectionBlocked: type: boolean default: false description: | This field indicates if account selections are not allowed for this requested item. * If true, this field indicates that account selections will not be available for this item and user combination. In this case, no account selections should be provided in the access request for this item and user combination, irrespective of whether the user has single or multiple accounts on a source. * An example is where a user is requesting an access profile that is already assigned to one of their accounts. example: false accountsSelectionBlockedReason: type: string description: If account selections are not allowed for an item, this field will denote the reason. nullable: true example: ACCESS_PROFILE_ALREADY_ASSIGNED_TO_AN_ACCOUNT type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of the item being requested. example: ACCESS_PROFILE id: type: string description: The id of the requested item example: 720fd239701344aea76c93ba91376aec name: type: string description: The name of the requested item example: Test Access Profile sources: description: The details for the sources and accounts for the requested item and identity combination type: array items: $ref: '#/components/schemas/SourceAccountSelections' IdentityAccountSelections: type: object properties: requestedItems: description: Available account selections for the identity, per requested item type: array items: $ref: '#/components/schemas/RequestedItemAccountSelections' accountsSelectionRequired: description: A boolean indicating whether any account selections will be required for the user to raise an access request type: boolean example: false default: false type: $ref: '#/components/schemas/DtoType' description: DTO type example: IDENTITY id: description: The identity id for the user type: string example: 70016590f2df4b879bdb1313a9e4e19e name: description: The name of the identity type: string example: User name AccountsSelectionResponse: type: object properties: identities: description: A list of available account selections per identity in the request, for all the requested items type: array items: $ref: '#/components/schemas/IdentityAccountSelections' RequestOnBehalfOfConfig: type: object title: Request On Behalf Of Config properties: allowRequestOnBehalfOfAnyoneByAnyone: type: boolean description: If this is true, anyone can request access for anyone. default: false example: true allowRequestOnBehalfOfEmployeeByManager: type: boolean description: If this is true, a manager can request access for his or her direct reports. default: false example: true ApprovalReminderAndEscalationConfig: type: object title: Approval Reminder And Escalation Config properties: daysUntilEscalation: type: integer description: Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation. format: int32 example: 0 nullable: true daysBetweenReminders: type: integer description: Number of days to wait between reminder notifications. format: int32 example: 0 nullable: true maxReminders: type: integer description: Maximum number of reminder notification to send to the reviewer before approval escalation. format: int32 minimum: 1 example: 1 nullable: true fallbackApproverRef: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' EntitlementApprovalScheme: type: object title: Entitlement Approval Scheme properties: approverType: type: string enum: - ENTITLEMENT_OWNER - SOURCE_OWNER - MANAGER - GOVERNANCE_GROUP - WORKFLOW description: |- Describes the individual or group that is responsible for an approval step. Values are as follows. **ENTITLEMENT_OWNER**: Owner of the associated Entitlement **SOURCE_OWNER**: Owner of the associated Source **MANAGER**: Manager of the Identity for whom the request is being made **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field **WORKFLOW**: A Workflow, the ID of which is specified by the **approverId** field, Workflows are exclusive to other types of approvals and License required. example: GOVERNANCE_GROUP approverId: type: string nullable: true description: Id of the specific approver, used only when approverType is GOVERNANCE_GROUP or WORKFLOW example: e3eab852-8315-467f-9de7-70eda97f63c8 EntitlementAccessRequestConfig: type: object title: Entitlement Access Request Config properties: approvalSchemes: type: array description: Ordered list of approval steps for the access request. Empty when no approval is required. items: $ref: '#/components/schemas/EntitlementApprovalScheme' requestCommentRequired: type: boolean description: If the requester must provide a comment during access request. default: false example: true denialCommentRequired: type: boolean description: If the reviewer must provide a comment when denying the access request. default: false example: false reauthorizationRequired: type: boolean description: Is Reauthorization Required default: false example: false EntitlementRevocationRequestConfig: type: object title: Entitlement Revocation Request Config properties: approvalSchemes: type: array description: Ordered list of approval steps for the access request. Empty when no approval is required. items: $ref: '#/components/schemas/EntitlementApprovalScheme' EntitlementRequestConfig: type: object title: Entitlement Request Config properties: accessRequestConfig: $ref: '#/components/schemas/EntitlementAccessRequestConfig' revocationRequestConfig: $ref: '#/components/schemas/EntitlementRevocationRequestConfig' AccessRequestConfig: type: object title: Access Request Config properties: approvalsMustBeExternal: type: boolean description: If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn't an org admin. default: false example: true autoApprovalEnabled: type: boolean description: If this is true and the requester and reviewer are the same, the request is automatically approved. default: false example: true reauthorizationEnabled: type: boolean description: If this is true, reauthorization will be enforced for appropriately configured access items. Enablement of this feature is currently in a limited state. default: false example: true requestOnBehalfOfConfig: $ref: '#/components/schemas/RequestOnBehalfOfConfig' description: Request On Behalf Of configuration. approvalReminderAndEscalationConfig: $ref: '#/components/schemas/ApprovalReminderAndEscalationConfig' description: Approval reminder and escalation configuration. entitlementRequestConfig: $ref: '#/components/schemas/EntitlementRequestConfig' description: Entitlement request configuration. OwnerDto: type: object title: Owner Dto description: Owner's identity. properties: type: type: string description: Owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. example: Support CancelledRequestDetails: type: object title: Cancelled Request Details properties: comment: type: string description: Comment made by the owner when cancelling the associated request. example: This request must be cancelled. owner: $ref: '#/components/schemas/OwnerDto' modified: type: string format: date-time description: Date comment was added by the owner when cancelling the associated request. example: '2019-12-20T09:17:12.192Z' description: Provides additional details for a request that has been cancelled. ErrorMessageDtoList: type: array description: List of error messages items: $ref: '#/components/schemas/ErrorMessageDto' example: locale: en-US localeOrigin: DEFAULT text: Error Message RequestedItemStatusRequestState: type: string enum: - EXECUTING - REQUEST_COMPLETED - CANCELLED - TERMINATED - PROVISIONING_VERIFICATION_PENDING - REJECTED - PROVISIONING_FAILED - NOT_ALL_ITEMS_PROVISIONED - ERROR description: |- Indicates the state of an access request: * EXECUTING: The request is executing, which indicates the system is doing some processing. * REQUEST_COMPLETED: Indicates the request has been completed. * CANCELLED: The request was cancelled with no user input. * TERMINATED: The request has been terminated before it was able to complete. * PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified. * REJECTED: The request was rejected. * PROVISIONING_FAILED: The request has failed to complete. * NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes. * ERROR: An error occurred during request processing. example: EXECUTING AccessItemReviewedBy: type: object title: Access Item Reviewed By description: Identity who reviewed the access item request. properties: type: type: string description: DTO type of identity who reviewed the access item request. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity who reviewed the access item request. example: 2c3780a46faadee4016fb4e018c20652 name: type: string description: Human-readable display name of identity who reviewed the access item request. example: Allen Albertson ManualWorkItemState: type: string enum: - PENDING - APPROVED - REJECTED - EXPIRED - CANCELLED - ARCHIVED description: |- Indicates the state of the request processing for this item: * PENDING: The request for this item is awaiting processing. * APPROVED: The request for this item has been approved. * REJECTED: The request for this item was rejected. * EXPIRED: The request for this item expired with no action taken. * CANCELLED: The request for this item was cancelled with no user action. * ARCHIVED: The request for this item has been archived after completion. example: PENDING ApprovalScheme: type: string enum: - APP_OWNER - SOURCE_OWNER - MANAGER - ROLE_OWNER - ACCESS_PROFILE_OWNER - ENTITLEMENT_OWNER - GOVERNANCE_GROUP description: Describes the individual or group that is responsible for an approval step. example: MANAGER ApprovalStatusDto: type: object title: Approval Status Dto properties: forwarded: type: boolean default: false description: True if the request for this item was forwarded from one owner to another. example: false originalOwner: type: object description: Identity of orginal approval owner. properties: type: type: string description: DTO type of original approval owner's identity. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: ID of original approval owner's identity. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Display name of original approval owner. example: Michael Michaels currentOwner: allOf: - $ref: '#/components/schemas/AccessItemReviewedBy' - nullable: true modified: type: string format: date-time description: Time at which item was modified. example: '2019-08-23T18:52:57.398Z' nullable: true status: $ref: '#/components/schemas/ManualWorkItemState' scheme: $ref: '#/components/schemas/ApprovalScheme' errorMessages: type: array items: $ref: '#/components/schemas/ErrorMessageDto' description: If the request failed, includes any error messages that were generated. nullable: true comment: type: string description: Comment, if any, provided by the approver. example: I approve this request nullable: true removeDate: type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' nullable: true ReassignmentType: type: string enum: - MANUAL_REASSIGNMENT - AUTOMATIC_REASSIGNMENT - AUTO_ESCALATION - SELF_REVIEW_DELEGATION description: |- The approval reassignment type. * MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's. * AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time. * AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html). * SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval). example: AUTOMATIC_REASSIGNMENT ApprovalForwardHistory: type: object title: Approval Forward History properties: oldApproverName: type: string description: Display name of approver from whom the approval was forwarded. example: Frank Mir newApproverName: type: string description: Display name of approver to whom the approval was forwarded. example: Al Volta comment: type: string nullable: true description: Comment made while forwarding. example: Forwarding from Frank to Al modified: type: string format: date-time description: Time at which approval was forwarded. example: '2019-08-23T18:52:57.398Z' forwarderName: type: string nullable: true description: Display name of forwarder who forwarded the approval. example: William Wilson reassignmentType: $ref: '#/components/schemas/ReassignmentType' description: |- The approval reassignment type. * MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's. * AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time. * AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to [Setting Global Reminders and Escalation Policies](https://documentation.sailpoint.com/saas/help/requests/config_emails.html). * SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to [Self-review Prevention](https://documentation.sailpoint.com/saas/help/users/work_reassignment.html#self-review-prevention) and [Preventing Self-approval](https://documentation.sailpoint.com/saas/help/requests/config_ap_roles.html#preventing-self-approval). example: AUTOMATIC_REASSIGNMENT ManualWorkItemDetails: type: object title: Manual Work Item Details properties: forwarded: type: boolean default: false description: True if the request for this item was forwarded from one owner to another. example: true originalOwner: type: object nullable: true description: Identity of original work item owner, if the work item has been forwarded. properties: type: type: string description: DTO type of original work item owner's identity. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: ID of original work item owner's identity. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Display name of original work item owner. example: Michael Michaels currentOwner: type: object description: Identity of current work item owner. nullable: true properties: type: type: string description: DTO type of current work item owner's identity. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: ID of current work item owner's identity. example: 2c3780a46faadee4016fb4e018c20652 name: type: string description: Display name of current work item owner. example: Allen Albertson modified: type: string format: date-time description: Time at which item was modified. example: '2019-08-23T18:52:57.398Z' status: $ref: '#/components/schemas/ManualWorkItemState' forwardHistory: type: array nullable: true items: $ref: '#/components/schemas/ApprovalForwardHistory' description: The history of approval forward action. AccessItemRequester: type: object title: Access Item Requester description: Access item requester's identity. properties: type: type: string description: Access item requester's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Access item requester's identity ID. example: 2c7180a46faadee4016fb4e018c20648 name: type: string description: Access item owner's human-readable display name. example: William Wilson CommentDto: type: object title: Comment Dto properties: comment: type: string nullable: true description: Comment content. example: This is a comment. created: type: string format: date-time description: Date and time comment was created. example: '2017-07-11T18:45:37.098Z' author: type: object readOnly: true description: Author of the comment properties: type: type: string enum: - IDENTITY example: IDENTITY description: The type of object id: type: string description: The unique ID of the object example: 2c9180847e25f377017e2ae8cae4650b name: type: string description: The display name of the object example: john.doe SodPolicyDto: type: object title: Sod Policy Dto description: SOD policy. properties: type: type: string description: SOD policy DTO type. enum: - SOD_POLICY example: SOD_POLICY id: type: string description: SOD policy ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: type: string description: SOD policy display name. example: Business SOD Policy SodExemptCriteria: description: Details of the Entitlement criteria type: object title: Sod Exempt Criteria properties: existing: type: boolean default: false example: true description: If the entitlement already belonged to the user or not. type: $ref: '#/components/schemas/DtoType' example: ENTITLEMENT id: type: string description: Entitlement ID example: 2c918085771e9d3301773b3cb66f6398 name: type: string description: Entitlement name example: My HR Entitlement SodViolationContext: description: The contextual information of the violated criteria type: object title: Sod Violation Context properties: policy: $ref: '#/components/schemas/SodPolicyDto' conflictingAccessCriteria: type: object description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. properties: leftCriteria: type: object properties: criteriaList: type: array items: $ref: '#/components/schemas/SodExemptCriteria' rightCriteria: type: object properties: criteriaList: type: array items: $ref: '#/components/schemas/SodExemptCriteria' SodViolationCheckResult: description: The inner object representing the completed SOD Violation check type: object title: Sod Violation Check Result properties: message: $ref: '#/components/schemas/ErrorMessageDto' description: If the request failed, this includes any error message that was generated. example: - locale: en-US localeOrigin: DEFAULT text: An error has occurred during the SOD violation check clientMetadata: type: object nullable: true additionalProperties: type: string description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 violationContexts: type: array nullable: true items: $ref: '#/components/schemas/SodViolationContext' violatedPolicies: type: array nullable: true description: A list of the SOD policies that were violated. items: $ref: '#/components/schemas/SodPolicyDto' SodViolationContextCheckCompleted: description: An object referencing a completed SOD violation check type: object title: Sod Violation Context Check Completed nullable: true properties: state: type: string enum: - SUCCESS - ERROR - null description: The status of SOD violation check example: SUCCESS nullable: true uuid: description: The id of the Violation check event type: string example: f73d16e9-a038-46c5-b217-1246e15fdbdd nullable: true violationCheckResult: $ref: '#/components/schemas/SodViolationCheckResult' ProvisioningDetails: type: object title: Provisioning Details properties: orderedSubPhaseReferences: type: string description: Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase. example: manualWorkItemDetails description: Provides additional details about provisioning for this request. PreApprovalTriggerDetails: type: object title: Pre Approval Trigger Details properties: comment: type: string description: Comment left for the pre-approval decision example: Access is Approved reviewer: type: string description: The reviewer of the pre-approval decision example: John Doe decision: type: string enum: - APPROVED - REJECTED description: The decision of the pre-approval trigger example: APPROVED description: Provides additional details about the pre-approval trigger for this request. AccessRequestPhases: type: object title: Access Request Phases properties: started: type: string description: The time that this phase started. format: date-time example: '2020-07-11T00:00:00Z' finished: type: string description: The time that this phase finished. format: date-time example: '2020-07-12T00:00:00Z' nullable: true name: type: string description: The name of this phase. example: APPROVAL_PHASE state: type: string enum: - PENDING - EXECUTING - COMPLETED - CANCELLED - NOT_EXECUTED description: The state of this phase. example: COMPLETED result: type: string enum: - SUCCESSFUL - FAILED - null description: The state of this phase. example: SUCCESSFUL nullable: true phaseReference: type: string description: A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items. example: approvalDetails nullable: true description: Provides additional details about this access request phase. RequestedAccountRef: type: object title: Requested Account Ref properties: name: type: string description: Display name of the account for the user example: Glen.067da3248e914 type: description: The type of item $ref: '#/components/schemas/DtoType' example: ACCOUNT accountUuid: type: string nullable: true description: The uuid for the account example: '{fab7119e-004f-4822-9c33-b8d570d6c6a6}' accountId: type: string nullable: true description: The native identity for the account example: CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local sourceName: type: string nullable: false description: Display name of the source for the account example: Multi Account AD source name RequestedItemStatus: type: object title: Requested Item Status properties: id: type: string description: The ID of the access request. As of 2025, this is a new property. Older access requests might not have an ID. example: 2c9180926cbfbddd016cbfc7c3b10010 nullable: true name: type: string description: Human-readable display name of the item being requested. example: AccessProfile1 nullable: true type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT - null description: Type of requested object. example: ACCESS_PROFILE nullable: true cancelledRequestDetails: allOf: - $ref: '#/components/schemas/CancelledRequestDetails' - nullable: true errorMessages: type: array nullable: true items: $ref: '#/components/schemas/ErrorMessageDtoList' description: List of list of localized error messages, if any, encountered during the approval/provisioning process. state: $ref: '#/components/schemas/RequestedItemStatusRequestState' approvalDetails: type: array items: $ref: '#/components/schemas/ApprovalStatusDto' description: Approval details for each item. approvalIds: type: array items: type: string description: List of approval IDs associated with the request. example: - 85f0cf482dd44327b593624c07906c21 - fa57e1bfa36f41ee85e33ee59fcbeac5 nullable: true manualWorkItemDetails: type: array nullable: true items: $ref: '#/components/schemas/ManualWorkItemDetails' description: Manual work items created for provisioning the item. accountActivityItemId: type: string description: Id of associated account activity item. example: 2c9180926cbfbddd016cbfc7c3b10010 requestType: $ref: '#/components/schemas/AccessRequestType' modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' nullable: true created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' requester: $ref: '#/components/schemas/AccessItemRequester' requestedFor: type: object description: Identity access was requested for. properties: type: type: string enum: - IDENTITY description: Type of the object to which this reference applies example: IDENTITY id: type: string description: ID of the object to which this reference applies example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable display name of the object to which this reference applies example: William Wilson requesterComment: allOf: - $ref: '#/components/schemas/CommentDto' - nullable: true description: The requester's comment. sodViolationContext: allOf: - $ref: '#/components/schemas/SodViolationContextCheckCompleted' - nullable: true description: The details of the SOD violations for the associated approval. provisioningDetails: allOf: - $ref: '#/components/schemas/ProvisioningDetails' - nullable: true preApprovalTriggerDetails: allOf: - $ref: '#/components/schemas/PreApprovalTriggerDetails' - nullable: true accessRequestPhases: type: array items: $ref: '#/components/schemas/AccessRequestPhases' description: A list of Phases that the Access Request has gone through in order, to help determine the status of the request. nullable: true description: type: string description: Description associated to the requested object. example: This is the Engineering role that engineers are granted. nullable: true removeDate: type: string format: date-time nullable: true description: When the role access is scheduled for removal. example: '2019-10-23T00:00:00.000Z' cancelable: type: boolean default: false description: True if the request can be canceled. example: true accessRequestId: type: string description: This is the account activity id. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request example: key1: value1 key2: value2 requestedAccounts: nullable: true type: array items: $ref: '#/components/schemas/RequestedAccountRef' description: The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources. privilegeLevel: nullable: true type: string description: The privilege level of the requested access item, if applicable. example: High AccessRequestAdminItemStatus: type: object title: Access Request Admin Item Status properties: id: type: string description: ID of the access request. This is a new property as of 2025. Older access requests may not have an ID. example: 2c9180926cbfbddd016cbfc7c3b10010 nullable: true name: type: string description: Human-readable display name of the item being requested. example: AccessProfile1 nullable: true type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT - null description: Type of requested object. example: ACCESS_PROFILE nullable: true cancelledRequestDetails: allOf: - $ref: '#/components/schemas/CancelledRequestDetails' - nullable: true errorMessages: type: array nullable: true items: $ref: '#/components/schemas/ErrorMessageDtoList' description: List of localized error messages, if any, encountered during the approval/provisioning process. state: $ref: '#/components/schemas/RequestedItemStatusRequestState' approvalDetails: type: array items: $ref: '#/components/schemas/ApprovalStatusDto' description: Approval details for each item. manualWorkItemDetails: type: array nullable: true items: $ref: '#/components/schemas/ManualWorkItemDetails' description: Manual work items created for provisioning the item. accountActivityItemId: type: string description: Id of associated account activity item. example: 2c9180926cbfbddd016cbfc7c3b10010 requestType: $ref: '#/components/schemas/AccessRequestType' modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' nullable: true created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' requester: $ref: '#/components/schemas/AccessItemRequester' requestedFor: type: object description: Identity access was requested for. properties: type: type: string enum: - IDENTITY description: Type of the object to which this reference applies example: IDENTITY id: type: string description: ID of the object to which this reference applies example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable display name of the object to which this reference applies example: William Wilson requesterComment: allOf: - $ref: '#/components/schemas/CommentDto' - nullable: true description: The requester's comment. sodViolationContext: allOf: - $ref: '#/components/schemas/SodViolationContextCheckCompleted' - nullable: true description: The details of the SOD violations for the associated approval. provisioningDetails: allOf: - $ref: '#/components/schemas/ProvisioningDetails' - nullable: true preApprovalTriggerDetails: allOf: - $ref: '#/components/schemas/PreApprovalTriggerDetails' - nullable: true accessRequestPhases: type: array items: $ref: '#/components/schemas/AccessRequestPhases' description: A list of Phases that the Access Request has gone through in order, to help determine the status of the request. nullable: true description: type: string description: Description associated to the requested object. example: This is the Engineering role that engineers are granted. nullable: true removeDate: type: string format: date-time nullable: true description: When the role access is scheduled for removal. example: '2019-10-23T00:00:00.000Z' cancelable: type: boolean default: false description: True if the request can be canceled. example: true reauthorizationRequired: type: boolean default: false description: True if re-auth is required. example: true accessRequestId: type: string description: This is the account activity id. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request example: key1: value1 key2: value2 AccessItemRequestedFor: type: object title: Access Item Requested For description: Identity the access item is requested for. properties: type: type: string description: DTO type of identity the access item is requested for. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity the access item is requested for. example: 2c4180a46faadee4016fb4e018c20626 name: type: string description: Human-readable display name of identity the access item is requested for. example: Robert Robinson RequestableObjectReference: type: object title: Requestable Object Reference properties: id: type: string description: Id of the object. example: 2c9180835d2e5168015d32f890ca1581 name: type: string description: Name of the object. example: Applied Research Access description: type: string description: Description of the object. example: Access to research information, lab results, and schematics type: type: string enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: Type of the object. example: ROLE PendingApprovalAction: type: string enum: - APPROVED - REJECTED - FORWARDED description: Enum represents action that is being processed on an approval. example: APPROVED PendingApproval: type: object title: Pending Approval properties: id: type: string description: The approval id. example: id12345 accessRequestId: type: string description: This is the access request id. example: 2b838de9db9babcfe646d4f274ad4238 name: type: string description: The name of the approval. example: aName created: type: string format: date-time description: When the approval was created. example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: When the approval was modified last time. example: '2018-07-25T20:22:28.104Z' requestCreated: type: string format: date-time description: When the access-request was created. example: '2017-07-11T18:45:35.098Z' requestType: $ref: '#/components/schemas/AccessRequestType' description: If the access-request was for granting or revoking access. requester: $ref: '#/components/schemas/AccessItemRequester' requestedFor: $ref: '#/components/schemas/AccessItemRequestedFor' owner: type: object description: Access item owner's identity. properties: type: type: string description: Access item owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Access item owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Access item owner's human-readable display name. example: Support requestedObject: $ref: '#/components/schemas/RequestableObjectReference' description: The requested access item. requesterComment: $ref: '#/components/schemas/CommentDto' description: The requester's comment. previousReviewersComments: type: array items: $ref: '#/components/schemas/CommentDto' description: The history of the previous reviewers comments. forwardHistory: type: array items: $ref: '#/components/schemas/ApprovalForwardHistory' description: The history of approval forward action. commentRequiredWhenRejected: type: boolean default: false description: When true the rejector has to provide comments when rejecting example: true actionInProcess: $ref: '#/components/schemas/PendingApprovalAction' description: Action that is performed on this approval, and system has not finished performing that action yet. removeDate: type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' removeDateUpdateRequested: type: boolean default: false description: If true, then the request is to change the remove date or sunset date. example: true currentRemoveDate: type: string description: The remove date or sunset date that was assigned at the time of the request. format: date-time example: '2020-07-11T00:00:00Z' sodViolationContext: $ref: '#/components/schemas/SodViolationContextCheckCompleted' description: The details of the SOD violations for the associated approval. clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request item example: customKey1: custom value 1 customKey2: custom value 2 requestedAccounts: nullable: true type: array items: $ref: '#/components/schemas/RequestedAccountRef' description: The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources. privilegeLevel: nullable: true type: string description: The privilege level of the requested access item, if applicable. example: High maxPermittedAccessDuration: nullable: true type: object description: The maximum duration for which the access is permitted. properties: value: type: integer format: int32 description: The numeric value of the duration. example: 5 timeUnit: type: string description: The time unit for the duration. enum: - HOURS - DAYS - WEEKS - MONTHS example: DAYS CompletedApprovalState: type: string enum: - APPROVED - REJECTED description: Enum represents completed approval object's state. example: APPROVED CompletedApproval: type: object title: Completed Approval properties: id: type: string description: The approval id. example: id12345 name: type: string description: The name of the approval. example: aName created: type: string format: date-time description: When the approval was created. example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: When the approval was modified last time. example: '2018-07-25T20:22:28.104Z' requestCreated: type: string format: date-time description: When the access-request was created. example: '2017-07-11T18:45:35.098Z' requestType: $ref: '#/components/schemas/AccessRequestType' description: If the access-request was for granting or revoking access. requester: $ref: '#/components/schemas/AccessItemRequester' requestedFor: type: object description: Identity access was requested for. properties: type: type: string enum: - IDENTITY description: Type of the object to which this reference applies example: IDENTITY id: type: string description: ID of the object to which this reference applies example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable display name of the object to which this reference applies example: William Wilson reviewedBy: $ref: '#/components/schemas/AccessItemReviewedBy' owner: $ref: '#/components/schemas/OwnerDto' requestedObject: $ref: '#/components/schemas/RequestableObjectReference' description: The requested access item. requesterComment: allOf: - $ref: '#/components/schemas/CommentDto' - description: The requester's comment. reviewerComment: allOf: - $ref: '#/components/schemas/CommentDto' - description: The approval's reviewer's comment. nullable: true previousReviewersComments: type: array items: $ref: '#/components/schemas/CommentDto' description: The history of the previous reviewers comments. forwardHistory: type: array items: $ref: '#/components/schemas/ApprovalForwardHistory' description: The history of approval forward action. commentRequiredWhenRejected: type: boolean default: false description: When true the rejector has to provide comments when rejecting example: true state: $ref: '#/components/schemas/CompletedApprovalState' description: The final state of the approval removeDate: type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' nullable: true removeDateUpdateRequested: type: boolean default: false description: If true, then the request was to change the remove date or sunset date. example: true currentRemoveDate: type: string description: The remove date or sunset date that was assigned at the time of the request. format: date-time example: '2020-07-11T00:00:00Z' nullable: true sodViolationContext: $ref: '#/components/schemas/SodViolationContextCheckCompleted' description: The details of the SOD violations for the associated approval. preApprovalTriggerResult: nullable: true type: object description: If the access request submitted event trigger is configured and this access request was intercepted by it, then this is the result of the trigger's decision to either approve or deny the request. properties: comment: type: string description: The comment from the trigger example: This request was autoapproved by our automated ETS subscriber decision: $ref: '#/components/schemas/CompletedApprovalState' description: The approval decision of the trigger reviewer: type: string description: The name of the approver example: Automated AR Approval date: type: string format: date-time example: '2022-06-07T19:18:40.748Z' description: The date and time the trigger decided on the request clientMetadata: type: object additionalProperties: type: string description: Arbitrary key-value pairs provided during the request. example: requestedAppName: test-app requestedAppId: 2c91808f7892918f0178b78da4a305a1 requestedAccounts: nullable: true type: array items: $ref: '#/components/schemas/RequestedAccountRef' description: The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources. privilegeLevel: nullable: true type: string description: The privilege level of the requested access item, if applicable. example: High ForwardApprovalDto: type: object title: Forward Approval Dto required: - newOwnerId - comment properties: newOwnerId: type: string description: The Id of the new owner example: 2c91808568c529c60168cca6f90c1314 minLength: 1 maxLength: 255 comment: type: string description: The comment provided by the forwarder example: 2c91808568c529c60168cca6f90c1313 minLength: 1 maxLength: 255 ApprovalSummary: type: object title: Approval Summary properties: pending: type: integer description: The number of pending access requests approvals. format: int32 example: 0 approved: type: integer description: The number of approved access requests approvals. format: int32 example: 0 rejected: type: integer description: The number of rejected access requests approvals. format: int32 example: 0 BulkApproveAccessRequest: type: object title: Bulk Approve Access Request description: Request body payload for bulk approve access request endpoint. required: - approvalIds - comment properties: approvalIds: type: array description: List of approval ids to approve the pending requests items: type: string example: - 2c9180835d2e5168015d32f890ca1581 - 2c9180835d2e5168015d32f890ca1582 comment: type: string description: Reason for approving the pending access request. example: I approve these request items AccessRequestApproversListResponse: type: object title: Access Request Approvers List Response properties: id: type: string description: Approver id. example: id12345 email: type: string description: Email of the approver. example: jdoe@sailpoint.com name: type: string description: Name of the approver. example: John Doe approvalId: type: string description: Id of the approval item. example: ap12345 type: type: string description: Type of the object returned. In this case, the value for this field will always Identity. example: Identity BaseCommonDto: type: object title: Base Common Dto required: - name properties: id: description: System-generated unique ID of the Object type: string example: id12345 readOnly: true name: description: Name of the Object type: string example: aName nullable: true created: description: Creation date of the Object type: string example: '2015-05-28T14:07:17Z' format: date-time readOnly: true modified: description: Last modification date of the Object type: string example: '2015-05-28T14:07:17Z' format: date-time readOnly: true Recommendation: type: object title: Recommendation properties: type: type: string enum: - HUMAN - MACHINE description: Recommended type of account. example: MACHINE method: type: string enum: - DISCOVERY - SOURCE - CRITERIA description: Method used to produce the recommendation. DISCOVERY - suggested by AI, SOURCE - the account comes from a source flagged as containing machine accounts, CRITERIA - the account satisfies classification criteria. example: DISCOVERY required: - type - method BaseReferenceDto: type: object title: Base Reference Dto properties: type: $ref: '#/components/schemas/DtoType' description: DTO type id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: William Wilson AccountAttributesCreate: type: object title: Account Attributes Create required: - attributes properties: attributes: description: The schema attribute values for the account type: object required: - sourceId properties: sourceId: type: string description: Target source to create an account example: 34bfcbe116c9407464af37acbaf7a4dc additionalProperties: type: string example: sourceId: 34bfcbe116c9407464af37acbaf7a4dc city: Austin displayName: John Doe userName: jdoe sAMAccountName: jDoe mail: john.doe@sailpoint.com TaskResultDto: type: object title: Task Result Dto description: Task result. properties: type: type: string description: Task result DTO type. enum: - TASK_RESULT example: TASK_RESULT id: type: string description: Task result ID. example: 464ae7bf791e49fdb74606a2e4a89635 name: type: string description: Task result display name. nullable: true example: null CompletionStatus: nullable: true type: string description: The status after completion. enum: - SUCCESS - FAILURE - INCOMPLETE - PENDING - null example: SUCCESS IdentitySummary: type: object title: Identity Summary nullable: true properties: id: type: string description: ID of this identity summary example: ff80818155fe8c080155fe8d925b0316 name: type: string description: Human-readable display name of identity example: SailPoint Services identityId: type: string description: ID of the identity that this summary represents example: c15b9f5cca5a4e9599eaa0e64fa921bd completed: type: boolean description: Indicates if all access items for this summary have been decided on example: true default: false AccountActivityApprovalStatus: type: string nullable: true enum: - FINISHED - REJECTED - RETURNED - EXPIRED - PENDING - CANCELED - null example: PENDING description: The state of an approval status ProvisioningState: type: string enum: - PENDING - FINISHED - UNVERIFIABLE - COMMITED - FAILED - RETRY description: Provisioning state of an account activity item example: PENDING Comment: type: object title: Comment nullable: true properties: commenterId: type: string description: Id of the identity making the comment example: 2c918084660f45d6016617daa9210584 commenterName: type: string description: Human-readable display name of the identity making the comment example: Adam Kennedy body: type: string description: Content of the comment example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. date: type: string format: date-time description: Date and time comment was made example: '2017-07-11T18:45:37.098Z' AccountActivityItemOperation: type: string nullable: true enum: - ADD - CREATE - MODIFY - DELETE - DISABLE - ENABLE - UNLOCK - LOCK - REMOVE - SET - null description: Represents an operation in an account activity item example: ADD AccountRequestInfo: type: object title: Account Request Info nullable: true properties: requestedObjectId: type: string description: Id of requested object example: 2c91808563ef85690164001c31140c0c requestedObjectName: type: string description: Human-readable name of requested object example: Treasury Analyst requestedObjectType: $ref: '#/components/schemas/RequestableObjectType' description: If an account activity item is associated with an access request, captures details of that request. AccountActivityItem: type: object title: Account Activity Item properties: id: type: string description: Item id example: 48c545831b264409a81befcabb0e3c5a name: type: string description: Human-readable display name of item example: 48c545831b264409a81befcabb0e3c5a requested: type: string format: date-time description: Date and time item was requested example: '2017-07-11T18:45:37.098Z' approvalStatus: $ref: '#/components/schemas/AccountActivityApprovalStatus' provisioningStatus: $ref: '#/components/schemas/ProvisioningState' requesterComment: $ref: '#/components/schemas/Comment' reviewerIdentitySummary: $ref: '#/components/schemas/IdentitySummary' reviewerComment: $ref: '#/components/schemas/Comment' operation: $ref: '#/components/schemas/AccountActivityItemOperation' attribute: type: string description: Attribute to which account activity applies nullable: true example: detectedRoles value: type: string description: Value of attribute nullable: true example: Treasury Analyst [AccessProfile-1529010191212] nativeIdentity: nullable: true type: string description: Native identity in the target system to which the account activity applies example: Sandie.Camero sourceId: type: string description: Id of Source to which account activity applies example: 2c91808363ef85290164000587130c0c accountRequestInfo: $ref: '#/components/schemas/AccountRequestInfo' clientMetadata: nullable: true type: object additionalProperties: type: string description: Arbitrary key-value pairs, if any were included in the corresponding access request item example: customKey1: custom value 1 customKey2: custom value 2 removeDate: nullable: true type: string description: The date the role or access profile or entitlement is no longer assigned to the specified identity. format: date-time example: '2020-07-11T00:00:00Z' ExecutionStatus: type: string description: The current state of execution. enum: - EXECUTING - VERIFYING - TERMINATED - COMPLETED example: COMPLETED AccountAggregationStatus: type: object title: Account Aggregation Status properties: start: type: string format: date-time nullable: true example: '2021-01-31T14:30:05.104Z' description: When the aggregation started. status: type: string enum: - STARTED - ACCOUNTS_COLLECTED - COMPLETED - CANCELLED - RETRIED - TERMINATED - NOT_FOUND example: ACCOUNTS_COLLECTED description: | STARTED - Aggregation started, but source account iteration has not completed. ACCOUNTS_COLLECTED - Source account iteration completed, but all accounts have not yet been processed. COMPLETED - Aggregation completed (*possibly with errors*). CANCELLED - Aggregation cancelled by user. RETRIED - Aggregation retried because of connectivity issues with the Virtual Appliance. TERMINATED - Aggregation marked as failed after 3 tries after connectivity issues with the Virtual Appliance. totalAccounts: type: integer format: int32 example: 520 description: The total number of *NEW, CHANGED and DELETED* accounts that need to be processed for this aggregation. This does not include accounts that were unchanged since the previous aggregation. This can be zero if there were no new, changed or deleted accounts since the previous aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.* processedAccounts: type: integer format: int32 example: 150 description: The number of *NEW, CHANGED and DELETED* accounts that have been processed so far. This reflects the number of accounts that have been processed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.* totalAccountsMarkedForDeletion: type: integer format: int32 example: 10 description: The total number of accounts that have been marked for deletion during the aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.* deletedAccounts: type: integer format: int32 example: 5 description: The number of accounts that have been deleted during the aggregation. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.* totalIdentities: type: integer format: int32 example: 300 description: The total number of unique identities that have been marked for refresh. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.* processedIdentities: type: integer format: int32 example: 250 description: The number of unique identities that have been refreshed at the time of the API call, and may increase on subsequent API calls while the status is ACCOUNTS_COLLECTED. *Only available when status is ACCOUNTS_COLLECTED or COMPLETED.* NetworkConfiguration: type: object title: Network Configuration properties: range: type: array description: The collection of ip ranges. items: type: string example: - 1.3.7.2 - 255.255.255.252/30 nullable: true geolocation: type: array description: The collection of country codes. items: type: string example: - CA - FR - HT nullable: true whitelisted: type: boolean description: Denotes whether the provided lists are whitelisted or blacklisted for geo location. default: false example: true LockoutConfiguration: type: object title: Lockout Configuration properties: maximumAttempts: type: integer format: int32 description: The maximum attempts allowed before lockout occurs. example: 5 lockoutDuration: type: integer format: int32 description: The total time in minutes a user will be locked out. example: 15 lockoutWindow: type: integer format: int32 description: A rolling window where authentication attempts in a series count towards the maximum before lockout occurs. example: 5 FederationProtocolDetails: type: object title: Federation Protocol Details properties: role: type: string description: Federation protocol role example: SAML_IDP enum: - SAML_IDP - SAML_SP entityId: type: string description: An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP). example: http://www.okta.com/exkdaruy8Ln5Ry7C54x6 JITConfiguration: type: object title: JIT Configuration properties: enabled: type: boolean description: The indicator for just-in-time provisioning enabled default: false example: false sourceId: type: string description: the sourceId that mapped to just-in-time provisioning configuration example: 2c9180857377ed2901739c12a2da5ac8 sourceAttributeMappings: type: object description: A mapping of identity profile attribute names to SAML assertion attribute names additionalProperties: type: string description: a mapping of JIT source attributes to the SAML assertion attribute example: firstName: okta.firstName lastName: okta.lastName email: okta.email IdpDetails: allOf: - $ref: '#/components/schemas/FederationProtocolDetails' - type: object description: Specification of Identity Provider Details section of Service Provider Config required: - mappingAttribute properties: binding: type: string description: Defines the binding used for the SAML flow. Used with IDP configurations. example: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST authnContext: type: string description: Specifies the SAML authentication method to use. Used with IDP configurations. example: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport logoutUrl: type: string description: The IDP logout URL. Used with IDP configurations. example: https://dev-206445.oktapreview.com/login/signout includeAuthnContext: type: boolean description: Determines if the configured AuthnContext should be used or the default. Used with IDP configurations. default: false example: false nameId: type: string description: The name id format to use. Used with IDP configurations. example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress jitConfiguration: $ref: '#/components/schemas/JITConfiguration' cert: type: string description: The Base64-encoded certificate used by the IDP. Used with IDP configurations. example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----' loginUrlPost: type: string description: The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations. example: https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml loginUrlRedirect: type: string description: The IDP Redirect URL. Used with IDP configurations. example: https://dev-157216.okta.com/app/sailpointdev157216_cdovsaml_1/exkdaruy8Ln5Ry7C54x6/sso/saml mappingAttribute: type: string description: Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations. example: email certificateExpirationDate: type: string description: The expiration date extracted from the certificate. example: Fri Mar 08 08:54:24 UTC 2013 certificateName: type: string description: The name extracted from the certificate. example: OU=Conext, O=Surfnet, L=Utrecht, ST=Utrecht, C=NL SpDetails: allOf: - $ref: '#/components/schemas/FederationProtocolDetails' - type: object description: Specification of a Service Provider Details properties: alias: type: string description: Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations. example: acme-sp callbackUrl: type: string description: The allowed callback URL where users will be redirected to after authentication. Used with SP configurations. example: https://example-tenant.identitynow.com/sso/Consumer/metaAlias/example-tenant-sp legacyAcsUrl: type: string description: The legacy ACS URL used for SAML authentication. Used with SP configurations. example: https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp required: - callbackUrl ServiceProviderConfiguration: description: Represents the IdentityNow as Service Provider Configuration allowing customers to log into IDN via an Identity Provider type: object title: Service Provider Configuration properties: enabled: description: This determines whether or not the SAML authentication flow is enabled for an org type: boolean example: true default: false bypassIdp: description: This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP. type: boolean example: true default: false samlConfigurationValid: description: This indicates whether or not the SAML configuration is valid. type: boolean example: true default: false federationProtocolDetails: description: A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer's identity provider and a customer's SailPoint instance (i.e., the service provider). type: array items: anyOf: - $ref: '#/components/schemas/IdpDetails' - $ref: '#/components/schemas/SpDetails' example: - role: SAML_IDP entityId: http://www.okta.com/exktq4o24bmQA4fr60h7 cert: MIIDpDCCAoygAwIBAgIGAYhZ+b29MA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxEzARBgNVBAMMCmRldi0yMDY0NDUxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wHhcNMjMwNTI2MjEzMDU5WhcNMzMwNTI2MjEzMTU5WjCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoMBE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRMwEQYDVQQDDApkZXYtMjA2NDQ1MRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvi1+WbF2ceGlLCrLl5PrG1lpj04IsrHX6OE666ObC2WFh+Nxvpxy+Vmzon9c9+akhK3bTv+9ifEoVc6tA1qWuCfXISAn9g81JqI68I1PGUbe6eF8pmOA18rjOrt7x94k4QukpR3+I8DfPJ+TynatltB51laLb8H4jchMafA4rDTjV/ZiYPxV0LMEIbprVyGuvBEhiEWha3wwVdDuJq996okX36YNS8PcGH+5CJ8c3YWZp/wrspgJmfCooMXeV+6zBpZfXqPpMWlUo0gcZqDOFgy3r4vkXehJdVYRlInMfDv04Lvy8VI1YAZClG/duO/6o9YVUFLjD9s+mQfhgaF5wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB1CTrA/pTHkarbhMHsdSFAjVoYWwdAfrssG99rIjwwr/CW9tavTC3keaoUmUeddcnLY4V/TfL07+xgQGHCBR88cnzG9h6rC9qWxt6C3nug3YDVQfkdCDgnW9A8QEvLeq/KVLoRccpJNEENb2Y5ESUXHi1+PtjkFBtvfSgZ4eEhVggirL0bJdWVm700hCnjb2iCGSbSX7WflfPi0GSmjht983caG9OwZDnDzNFt8qGWCxo4bNSThT00JnWEN/6f1BWNOt9YDrxqEyNclqhLL+RDqFsPBFIrQlsoXzqpWqCL8oS9UMNxbGATK2v3d5ueE9+SswBAFBhirCuqZw19Ri2W loginUrlPost: https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml loginUrlRedirect: https://dev-206445.oktapreview.com/app/tivolidev206445_acmeidntest_1/exktq4o24bmQA4fr60h7/sso/saml logoutUrl: https://dev-206445.oktapreview.com/login/signout nameId: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST authnContext: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport includeAuthnContext: true mappingAttribute: email jitConfiguration: enabled: true sourceId: 2c9180897427f3a501745042afc83144 sourceAttributeMappings: firstName: okta.firstName lastName: okta.lastName email: okta.email certificateExpirationDate: Thu May 26 21:31:59 GMT 2033 certificateName: EMAILADDRESS=info@okta.com, CN=dev-206445, OU=SSOProvider, O=Okta, L=San Francisco, ST=California, C=US - role: SAML_SP entityId: https://acme.identitysoon.com/sp alias: acme-sp callbackUrl: https://acme.test-login.sailpoint.com/saml/SSO/alias/acme-sp legacyAcsUrl: https://megapod-useast1-sso.identitysoon.com/sso/Consumer/metaAlias/acme/sp SessionConfiguration: type: object title: Session Configuration properties: maxIdleTime: type: integer format: int32 description: The maximum time in minutes a session can be idle. example: 15 rememberMe: type: boolean description: Denotes if 'remember me' is enabled. default: false example: true maxSessionTime: type: integer format: int32 description: The maximum allowable session time in minutes. example: 45 AuthUser: type: object title: Auth User properties: tenant: type: string description: Tenant name. example: test-tenant id: type: string description: Identity ID. example: 2c91808458ae7a4f0158b1bbf8af0628 uid: type: string description: Identity's unique identitifier. example: will.smith profile: type: string description: ID of the auth profile associated with the auth user. example: 2c91808458ae7a4f0158b1bbf8af0756 identificationNumber: type: string description: Auth user's employee number. example: 19-5588452 nullable: true email: type: string description: Auth user's email. example: william.smith@example.com nullable: true phone: type: string description: Auth user's phone number. example: '5555555555' nullable: true workPhone: type: string description: Auth user's work phone number. example: '5555555555' nullable: true personalEmail: type: string description: Auth user's personal email. example: william.smith@example.com nullable: true firstname: type: string description: Auth user's first name. example: Will nullable: true lastname: type: string description: Auth user's last name. example: Smith nullable: true displayName: type: string description: Auth user's name in displayed format. example: Will Smith alias: type: string description: Auth user's alias. example: will.smith lastPasswordChangeDate: type: string format: date-time description: Date of last password change. example: '2021-03-08T22:37:33.901Z' nullable: true lastLoginTimestamp: description: Timestamp of the last login (long type value). type: integer format: int64 example: 1656327185832 currentLoginTimestamp: description: Timestamp of the current login (long type value). type: integer format: int64 example: 1656327185832 lastUnlockTimestamp: type: string format: date-time description: The date and time when the user was last unlocked. example: '2021-03-08T22:37:33.901Z' nullable: true capabilities: description: Array of the auth user's capabilities. type: array nullable: true items: type: string enum: - CERT_ADMIN - CLOUD_GOV_ADMIN - CLOUD_GOV_USER - HELPDESK - ORG_ADMIN - REPORT_ADMIN - ROLE_ADMIN - ROLE_SUBADMIN - SAAS_MANAGEMENT_ADMIN - SAAS_MANAGEMENT_READER - SOURCE_ADMIN - SOURCE_SUBADMIN - das:ui-administrator - das:ui-compliance_manager - das:ui-auditor - das:ui-data-scope - sp:aic-dashboard-read - sp:aic-dashboard-write - sp:ui-config-hub-admin - sp:ui-config-hub-backup-admin - sp:ui-config-hub-read example: ORG_ADMIN CampaignAlert: type: object title: Campaign Alert properties: level: type: string enum: - ERROR - WARN - INFO description: Denotes the level of the message example: ERROR localizations: type: array items: $ref: '#/components/schemas/ErrorMessageDto' SlimCampaign: type: object title: Slim Campaign required: - name - description - type properties: id: type: string readOnly: true description: Id of the campaign example: 2c9079b270a266a60170a2779fcb0007 nullable: true name: description: | The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. type: string example: Manager Campaign description: type: string nullable: true description: | The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. example: Everyone needs to be reviewed by their manager deadline: type: string nullable: true format: date-time description: The campaign's completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response. example: '2020-03-15T10:00:01.456Z' type: type: string description: The type of campaign. Could be extended in the future. enum: - MANAGER - SOURCE_OWNER - SEARCH - ROLE_COMPOSITION - MACHINE_ACCOUNT example: MANAGER emailNotificationEnabled: type: boolean description: Enables email notification for this campaign default: false example: false autoRevokeAllowed: type: boolean description: Allows auto revoke for this campaign default: false example: false recommendationsEnabled: type: boolean description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. default: false example: true status: type: string description: The campaign's current status. nullable: true readOnly: true enum: - PENDING - STAGED - CANCELING - ACTIVATING - ACTIVE - COMPLETING - COMPLETED - ERROR - ARCHIVED - null example: ACTIVE correlatedStatus: type: string description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). enum: - CORRELATED - UNCORRELATED example: CORRELATED created: type: string nullable: true readOnly: true format: date-time description: Created time of the campaign example: '2020-03-03T22:15:13.611Z' totalCertifications: type: integer nullable: true format: int32 description: The total number of certifications in this campaign. readOnly: true example: 100 completedCertifications: type: integer nullable: true format: int32 description: The number of completed certifications in this campaign. readOnly: true example: 10 alerts: type: array nullable: true description: A list of errors and warnings that have accumulated. readOnly: true items: $ref: '#/components/schemas/CampaignAlert' AccessConstraint: type: object title: Access Constraint properties: type: type: string enum: - ENTITLEMENT - ACCESS_PROFILE - ROLE description: Type of Access example: ENTITLEMENT ids: description: Must be set only if operator is SELECTED. type: array items: type: string example: - 2c90ad2a70ace7d50170acf22ca90010 operator: type: string enum: - ALL - SELECTED description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. example: SELECTED required: - type - operator Campaign-2: type: object title: Campaign allOf: - $ref: '#/components/schemas/SlimCampaign' - type: object properties: modified: type: string readOnly: true nullable: true format: date-time description: Modified time of the campaign example: '2020-03-03T22:20:12.674Z' filter: type: object nullable: true description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. properties: id: type: string description: The ID of whatever type of filter is being used. example: 0fbe863c063c4c88a35fd7f17e8a3df5 type: type: string description: Type of the filter enum: - CAMPAIGN_FILTER example: CAMPAIGN_FILTER name: type: string description: Name of the filter example: Test Filter sunsetCommentsRequired: type: boolean description: Determines if comments on sunset date changes are required. default: true example: true sourceOwnerCampaignInfo: type: object nullable: true description: Must be set only if the campaign type is SOURCE_OWNER. properties: sourceIds: type: array description: The list of sources to be included in the campaign. items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 searchCampaignInfo: type: object nullable: true description: Must be set only if the campaign type is SEARCH. properties: type: type: string description: The type of search campaign represented. enum: - IDENTITY - ACCESS example: ACCESS description: type: string description: Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available. example: Search Campaign description reviewer: type: object nullable: true description: If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP. properties: type: type: string description: The reviewer's DTO type. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: The reviewer's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string nullable: true description: The reviewer's name. example: William Wilson query: type: string nullable: true description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. example: Search Campaign query description identityIds: type: array nullable: true description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 accessConstraints: type: array description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. items: $ref: '#/components/schemas/AccessConstraint' maxItems: 1000 required: - type roleCompositionCampaignInfo: type: object nullable: true description: Optional configuration options for role composition campaigns. properties: reviewerId: type: string description: The ID of the identity or governance group reviewing this campaign. Deprecated in favor of the "reviewer" object. deprecated: true example: 2c91808568c529c60168cca6f90c1313 nullable: true reviewer: type: object nullable: true description: If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP. properties: type: type: string description: The reviewer's DTO type. enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY id: type: string description: The reviewer's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: The reviewer's name. example: William Wilson roleIds: type: array description: Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included. items: type: string example: - 2c90ad2a70ace7d50170acf22ca90010 remediatorRef: type: object description: This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin. properties: type: type: string enum: - IDENTITY description: Legal Remediator Type example: IDENTITY id: type: string description: The ID of the remediator. example: 2c90ad2a70ace7d50170acf22ca90010 name: type: string description: The name of the remediator. readOnly: true example: Role Admin required: - type - id query: type: string nullable: true description: Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included. example: Search Query description: type: string nullable: true description: Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available. example: Role Composition Description required: - remediatorRef machineAccountCampaignInfo: type: object nullable: true description: Must be set only if the campaign type is MACHINE_ACCOUNT. properties: sourceIds: type: array description: The list of sources to be included in the campaign. items: type: string example: - 0fbe863c063c4c88a35fd7f17e8a3df5 reviewerType: type: string description: The reviewer's type. enum: - ACCOUNT_OWNER example: ACCOUNT_OWNER sourcesWithOrphanEntitlements: type: array nullable: true description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). readOnly: true items: type: object properties: id: type: string description: Id of the source example: 2c90ad2a70ace7d50170acf22ca90010 type: type: string enum: - SOURCE description: Type example: SOURCE name: type: string description: Name of the source example: Source with orphan entitlements mandatoryCommentRequirement: type: string description: Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions. enum: - ALL_DECISIONS - REVOKE_ONLY_DECISIONS - NO_DECISIONS example: NO_DECISIONS AdminReviewReassign: type: object title: Admin Review Reassign properties: certificationIds: description: List of certification IDs to reassign type: array items: type: string minItems: 1 maxItems: 250 example: - af3859464779471211bb8424a563abc1 - af3859464779471211bb8424a563abc2 - af3859464779471211bb8424a563abc3 reassignTo: type: object properties: id: type: string description: The identity ID to which the review is being assigned. example: ef38f94347e94562b5bb8424a56397d8 type: type: string description: The type of the ID provided. enum: - IDENTITY example: IDENTITY reason: type: string description: Comment to explain why the certification was reassigned example: reassigned for some reason ReassignmentTrailDTO: type: object title: Reassignment Trail DTO properties: previousOwner: type: string description: The ID of previous owner identity. example: ef38f94347e94562b5bb8424a56397d8 newOwner: type: string description: The ID of new owner identity. example: ef38f94347e94562b5bb8424a56397a3 reassignmentType: type: string description: The type of reassignment. example: AUTOMATIC_REASSIGNMENT ReassignmentTrailDTOList: type: array items: $ref: '#/components/schemas/ReassignmentTrailDTO' description: Reassignment trails that lead to self certification identity example: previousOwner: ef38f94347e94562b5bb8424a56397d8 newOwner: ef38f94347e94562b5bb8424a56397a3 reassignmentType: AUTOMATIC_REASSIGNMENT CertificationTask: type: object title: Certification Task properties: id: type: string description: The ID of the certification task. example: 2c918086719eec070171a7e3355a360a type: type: string description: The type of the certification task. More values may be added in the future. enum: - REASSIGN - ADMIN_REASSIGN - COMPLETE_CERTIFICATION - FINISH_CERTIFICATION - COMPLETE_CAMPAIGN - ACTIVATE_CAMPAIGN - CAMPAIGN_CREATE - CAMPAIGN_DELETE example: ADMIN_REASSIGN targetType: type: string description: The type of item that is being operated on by this task whose ID is stored in the targetId field. enum: - CERTIFICATION - CAMPAIGN example: CAMPAIGN targetId: type: string description: The ID of the item being operated on by this task. example: 2c918086719eec070171a7e3355a834c status: type: string description: The status of the task. enum: - QUEUED - IN_PROGRESS - SUCCESS - ERROR example: QUEUED errors: $ref: '#/components/schemas/ErrorMessageDtoList' description: A list of errors that have been encountered by the task. reassignmentTrailDTOs: $ref: '#/components/schemas/ReassignmentTrailDTOList' description: Reassignment trails that lead to self certification identity created: type: string description: The date and time on which this task was created. format: date-time example: '2020-09-24T18:10:47.693Z' ActivateCampaignOptions: type: object title: Activate Campaign Options properties: timeZone: type: string description: The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as 'Z') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh. default: Z example: '-05:00' CampaignCompleteOptions: type: object title: Campaign Complete Options properties: autoCompleteAction: description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion. type: string enum: - APPROVE - REVOKE default: APPROVE example: REVOKE CampaignsDeleteRequest: type: object title: Campaigns Delete Request properties: ids: description: The ids of the campaigns to delete type: array items: type: string example: - 2c9180887335cee10173490db1776c26 - 2c9180836a712436016a7125a90c0021 SodReportResultDto: type: object title: Sod Report Result Dto description: SOD policy violation report result. properties: type: type: string description: SOD policy violation report result DTO type. enum: - REPORT_RESULT example: REPORT_RESULT id: type: string description: SOD policy violation report result ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable name of the SOD policy violation report result. example: SOD Policy 1 Violation ReportResultReference: allOf: - $ref: '#/components/schemas/SodReportResultDto' - type: object properties: status: type: string description: Status of a SOD policy violation report. enum: - SUCCESS - WARNING - ERROR - TERMINATED - TEMP_ERROR - PENDING example: PENDING ReportType: type: string description: type of a Report enum: - CAMPAIGN_COMPOSITION_REPORT - CAMPAIGN_REMEDIATION_STATUS_REPORT - CAMPAIGN_STATUS_REPORT - CERTIFICATION_SIGNOFF_REPORT example: CAMPAIGN_COMPOSITION_REPORT CampaignReport: type: object title: Campaign Report required: - reportType allOf: - $ref: '#/components/schemas/ReportResultReference' - type: object properties: reportType: $ref: '#/components/schemas/ReportType' lastRunAt: type: string readOnly: true format: date-time description: The most recent date and time this report was run example: type: REPORT_RESULT id: 2c91808568c529c60168cca6f90c1313 name: Campaign Composition Report status: SUCCESS reportType: CAMPAIGN_COMPOSITION_REPORT lastRunAt: '2019-12-19T13:49:37.385Z' CampaignReportsConfig: type: object title: Campaign Reports Configuration properties: identityAttributeColumns: type: array nullable: true description: list of identity attribute columns items: type: string example: - firstname - lastname CriteriaType: type: string enum: - COMPOSITE - ROLE - IDENTITY - IDENTITY_ATTRIBUTE - ENTITLEMENT - ACCESS_PROFILE - SOURCE - ACCOUNT - AGGREGATED_ENTITLEMENT - INVALID_CERTIFIABLE_ENTITY - INVALID_CERTIFIABLE_BUNDLE description: Type of the criteria in the filter. The `COMPOSITE` filter can contain multiple filters in an AND/OR relationship. example: IDENTITY_ATTRIBUTE Operation: type: string enum: - EQUALS - NOT_EQUALS - CONTAINS - STARTS_WITH - ENDS_WITH - AND - OR - null description: Operation on a specific criteria example: EQUALS nullable: true CampaignFilterDetails: type: object title: Campaign Filter Details description: Campaign Filter Details properties: id: type: string description: The unique ID of the campaign filter example: 5ec18cef39020d6fd7a60ad3970aba61 name: type: string description: Campaign filter name. example: Identity Attribute Campaign Filter description: type: string description: Campaign filter description. example: Campaign filter to certify data based on an identity attribute's specified property. owner: type: string description: Owner of the filter. This field automatically populates at creation time with the current user. example: SailPoint Support nullable: true mode: type: string description: Mode/type of filter, either the INCLUSION or EXCLUSION type. The INCLUSION type includes the data in generated campaigns as per specified in the criteria, whereas the EXCLUSION type excludes the data in generated campaigns as per specified in criteria. enum: - INCLUSION - EXCLUSION example: INCLUSION criteriaList: type: array description: List of criteria. items: type: object properties: type: $ref: '#/components/schemas/CriteriaType' operation: $ref: '#/components/schemas/Operation' property: type: string description: Specified key from the type of criteria. example: displayName nullable: true value: type: string description: Value for the specified key from the type of criteria. example: Allie nullable: true negateResult: type: boolean description: If true, the filter will negate the result of the criteria. example: false default: false shortCircuit: type: boolean description: If true, the filter will short circuit the evaluation of the criteria. example: false default: false recordChildMatches: type: boolean description: If true, the filter will record child matches for the criteria. example: false default: false id: type: string description: The unique ID of the criteria. example: 5ec18cef39020d6fd7a60ad3970aba61 nullable: true suppressMatchedItems: type: boolean description: | If this value is true, then matched items will not only be excluded from the campaign, they will also not have archived certification items created. Such items will not appear in the exclusion report. example: false default: false children: type: array description: List of child criteria. items: type: object required: - type - property - value example: - type: IDENTITY_ATTRIBUTE property: displayName value: support operation: CONTAINS negateResult: false shortCircuit: false recordChildMatches: false id: null suppressMatchedItems: false children: null isSystemFilter: type: boolean default: false description: If true, the filter is created by the system. If false, the filter is created by a user. example: false required: - id - name - owner - mode - isSystemFilter CampaignTemplate: type: object title: Campaign Template description: Campaign Template properties: id: type: string description: Id of the campaign template example: 2c9079b270a266a60170a277bb960008 name: type: string description: This template's name. Has no bearing on generated campaigns' names. example: Manager Campaign Template description: type: string description: This template's description. Has no bearing on generated campaigns' descriptions. example: Template for the annual manager campaign. created: type: string description: Creation date of Campaign Template readOnly: true format: date-time example: '2020-03-05T22:44:00.364Z' modified: type: string nullable: true description: Modification date of Campaign Template readOnly: true format: date-time example: '2020-03-05T22:52:09.969Z' scheduled: type: boolean readOnly: true description: Indicates if this campaign template has been scheduled. example: false default: false ownerRef: type: object readOnly: true description: The owner of this template, and the owner of campaigns generated from this template via a schedule. This field is automatically populated at creation time with the current user. properties: id: type: string description: Id of the owner example: 2c918086676d3e0601677611dbde220f type: type: string enum: - IDENTITY description: Type of the owner example: IDENTITY name: type: string description: Name of the owner example: Mister Manager email: type: string description: Email of the owner example: mr.manager@example.com deadlineDuration: type: string nullable: true description: The time period during which the campaign should be completed, formatted as an ISO-8601 Duration. When this template generates a campaign, the campaign's deadline will be the current date plus this duration. For example, if generation occurred on 2020-01-01 and this field was "P2W" (two weeks), the resulting campaign's deadline would be 2020-01-15 (the current date plus 14 days). example: P2W campaign: $ref: '#/components/schemas/Campaign-2' required: - name - description - created - modified - campaign Schedule-2: type: object title: Schedule properties: type: type: string description: Determines the overall schedule cadence. In general, all time period fields smaller than the chosen type can be configured. For example, a DAILY schedule can have 'hours' set, but not 'days'; a WEEKLY schedule can have both 'hours' and 'days' set. enum: - WEEKLY - MONTHLY - ANNUALLY - CALENDAR example: WEEKLY months: type: object nullable: true description: | Specifies which months of a schedule are active. Only valid for ANNUALLY schedule types. Examples: On February and March: * type LIST * values "2", "3" Every 3 months, starting in January (quarterly): * type LIST * values "1" * interval 3 Every two months between July and December: * type RANGE * values "7", "12" * interval 2 properties: type: type: string description: Enum type to specify months value enum: - LIST - RANGE example: LIST values: type: array description: Values of the months based on the enum type mentioned above items: type: string example: - '1' interval: type: integer example: 2 format: int64 description: Interval between the cert generations required: - type - values days: type: object description: | Specifies which day(s) a schedule is active for. This is required for all schedule types. The "values" field holds different data depending on the type of schedule: * WEEKLY: days of the week (1-7) * MONTHLY: days of the month (1-31, L, L-1...) * ANNUALLY: if the "months" field is also set: days of the month (1-31, L, L-1...); otherwise: ISO-8601 dates without year ("--12-31") * CALENDAR: ISO-8601 dates ("2020-12-31") Note that CALENDAR only supports the LIST type, and ANNUALLY does not support the RANGE type when provided with ISO-8601 dates without year. Examples: On Sundays: * type LIST * values "1" The second to last day of the month: * type LIST * values "L-1" From the 20th to the last day of the month: * type RANGE * values "20", "L" Every March 2nd: * type LIST * values "--03-02" On March 2nd, 2021: * type: LIST * values "2021-03-02" properties: type: type: string description: Enum type to specify days value enum: - LIST - RANGE example: LIST values: type: array description: Values of the days based on the enum type mentioned above items: type: string example: - '1' interval: type: integer example: 2 format: int64 description: Interval between the cert generations nullable: true required: - type - values hours: type: object description: | Specifies which hour(s) a schedule is active for. Examples: Every three hours starting from 8AM, inclusive: * type LIST * values "8" * interval 3 During business hours: * type RANGE * values "9", "5" At 5AM, noon, and 5PM: * type LIST * values "5", "12", "17" properties: type: type: string description: Enum type to specify hours value enum: - LIST - RANGE example: LIST values: type: array description: Values of the days based on the enum type mentioned above items: type: string example: - '1' interval: type: integer format: int64 example: 2 description: Interval between the cert generations nullable: true required: - type - values expiration: type: string format: date-time description: Specifies the time after which this schedule will no longer occur. example: '2022-09-19 13:55:26' nullable: true timeZoneId: type: string description: The time zone to use when running the schedule. For instance, if the schedule is scheduled to run at 1AM, and this field is set to "CST", the schedule will run at 1AM CST. example: CST required: - type - hours CampaignReference: type: object title: Campaign Reference required: - id - name - type - campaignType - description - correlatedStatus - mandatoryCommentRequirement properties: id: type: string description: The unique ID of the campaign. example: ef38f94347e94562b5bb8424a56397d8 name: type: string description: The name of the campaign. example: Campaign Name type: type: string enum: - CAMPAIGN description: The type of object that is being referenced. example: CAMPAIGN campaignType: type: string enum: - MANAGER - SOURCE_OWNER - SEARCH description: The type of the campaign. example: MANAGER description: type: string description: The description of the campaign set by the admin who created it. nullable: true example: A description of the campaign correlatedStatus: type: string description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). enum: - CORRELATED - UNCORRELATED example: CORRELATED mandatoryCommentRequirement: type: string description: Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions. enum: - ALL_DECISIONS - REVOKE_ONLY_DECISIONS - NO_DECISIONS example: NO_DECISIONS CertificationPhase: type: string description: | The current phase of the campaign. * `STAGED`: The campaign is waiting to be activated. * `ACTIVE`: The campaign is active. * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. enum: - STAGED - ACTIVE - SIGNED example: ACTIVE IdentityCertificationDto: type: object title: Identity Certification Dto properties: id: example: 2c9180835d2e5168015d32f890ca1581 type: string description: id of the certification name: example: Source Owner Access Review for Employees [source] type: string description: name of the certification campaign: $ref: '#/components/schemas/CampaignReference' completed: type: boolean description: Have all decisions been made? example: true identitiesCompleted: type: integer description: The number of identities for whom all decisions have been made and are complete. example: 5 format: int32 identitiesTotal: type: integer description: The total number of identities in the Certification, both complete and incomplete. example: 10 format: int32 created: example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: created date modified: example: '2018-06-25T20:22:28.104Z' format: date-time type: string description: modified date decisionsMade: type: integer description: The number of approve/revoke/acknowledge decisions that have been made. example: 20 format: int32 decisionsTotal: type: integer description: The total number of approve/revoke/acknowledge decisions. example: 40 format: int32 due: type: string format: date-time description: The due date of the certification. example: '2018-10-19T13:49:37.385Z' nullable: true signed: type: string format: date-time nullable: true description: The date the reviewer signed off on the Certification. example: '2018-10-19T13:49:37.385Z' reviewer: $ref: '#/components/schemas/Reviewer' reassignment: $ref: '#/components/schemas/Reassignment' hasErrors: description: Identifies if the certification has an error type: boolean example: false errorMessage: description: Description of the certification error nullable: true type: string example: The certification has an error phase: $ref: '#/components/schemas/CertificationPhase' DataAccess: type: object title: Data Access description: DAS data for the entitlement nullable: true properties: policies: type: array description: List of classification policies that apply to resources the entitlement \ groups has access to items: type: object properties: value: type: string description: Value of the policy example: GDPR-20 categories: type: array description: List of classification categories that apply to resources the entitlement \ groups has access to items: type: object properties: value: type: string description: Value of the category example: email-7 matchCount: type: integer description: Number of matched for each category example: 10 impactScore: type: object properties: value: type: string description: Impact Score for this data example: Medium ActivityInsights: type: object title: Activity Insights description: Insights into account activity properties: accountID: type: string description: UUID of the account example: c4ddd5421d8549f0abd309162cafd3b1 usageDays: type: integer format: int32 minimum: 0 maximum: 90 description: The number of days of activity example: 45 usageDaysState: type: string enum: - COMPLETE - UNKNOWN description: Status indicating if the activity is complete or unknown example: COMPLETE ReviewableEntitlement: type: object nullable: true properties: id: type: string description: The id for the entitlement example: 2c918085718230600171993742c63558 name: type: string description: The name of the entitlement example: CN=entitlement.bbb7c650 description: nullable: true type: string description: Information about the entitlement example: Gives read/write access to the company database privileged: type: boolean example: false default: false description: Indicates if the entitlement is a privileged entitlement owner: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' attributeName: type: string description: The name of the attribute on the source example: memberOf attributeValue: type: string description: The value of the attribute on the source example: CN=entitlement.bbb7c650 sourceSchemaObjectType: type: string description: The schema object type on the source used to represent the entitlement and its attributes example: groups sourceName: type: string description: The name of the source for which this entitlement belongs example: ODS-AD-Source sourceType: type: string description: The type of the source for which the entitlement belongs example: Active Directory - Direct sourceId: type: string description: The ID of the source for which the entitlement belongs example: 78ca6be511cb41fbb86dba2fcca7780c hasPermissions: type: boolean default: false description: Indicates if the entitlement has permissions example: false isPermission: type: boolean default: false description: Indicates if the entitlement is a representation of an account permission example: false revocable: type: boolean default: false description: Indicates whether the entitlement can be revoked example: true cloudGoverned: type: boolean default: false description: True if the entitlement is cloud governed example: false containsDataAccess: type: boolean description: True if the entitlement has DAS data default: false example: true dataAccess: $ref: '#/components/schemas/DataAccess' account: type: object nullable: true description: Information about the status of the entitlement properties: nativeIdentity: type: string description: The native identity for this account example: CN=Alison Ferguso disabled: type: boolean default: false example: false description: Indicates whether this account is currently disabled locked: type: boolean default: false example: false description: Indicates whether this account is currently locked type: $ref: '#/components/schemas/DtoType' id: nullable: true type: string description: The id associated with the account example: 2c9180857182305e0171993737eb29e6 name: nullable: true type: string description: The account name example: Alison Ferguso created: nullable: true type: string format: date-time description: When the account was created example: '2020-04-20T20:11:05.067Z' modified: nullable: true type: string format: date-time description: When the account was last modified example: '2020-05-20T18:57:16.987Z' activityInsights: $ref: '#/components/schemas/ActivityInsights' description: nullable: true type: string description: Information about the account example: Account for Read/write to the company database governanceGroupId: nullable: true type: string description: The id associated with the machine Account Governance Group example: 2c9180857182305e0171993737eb29e6 owner: type: object nullable: true description: Information about the machine account owner properties: id: nullable: true type: string description: The id associated with the machine account owner example: 2c9180857182305e0171993737eb29e8 type: type: string enum: - IDENTITY description: An enumeration of the types of Owner supported within the IdentityNow infrastructure. example: IDENTITY displayName: nullable: true type: string description: The machine account owner's display name example: Alison Ferguson ReviewableAccessProfile: type: object properties: id: type: string description: The id of the Access Profile example: 2c91808a7190d06e01719938fcd20792 name: type: string description: Name of the Access Profile example: Employee-database-read-write description: type: string description: Information about the Access Profile example: Collection of entitlements to read/write the employee database privileged: type: boolean description: Indicates if the entitlement is a privileged entitlement example: false cloudGoverned: type: boolean description: True if the entitlement is cloud governed example: false endDate: nullable: true type: string format: date-time description: The date at which a user's access expires example: '2021-12-25T00:00:00.000Z' owner: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' description: Owner of the Access Profile entitlements: type: array description: A list of entitlements associated with this Access Profile items: $ref: '#/components/schemas/ReviewableEntitlement' created: type: string description: Date the Access Profile was created. format: date-time example: '2021-01-01T22:32:58.104Z' modified: type: string description: Date the Access Profile was last modified. format: date-time example: '2021-02-01T22:32:58.104Z' ReviewableRole: type: object nullable: true properties: id: type: string description: The id for the Role example: 2c91808a7190d06e0171993907fd0794 name: type: string description: The name of the Role example: Accounting-Employees description: type: string description: Information about the Role example: Role for members of the accounting department with the necessary Access Profiles privileged: type: boolean description: Indicates if the entitlement is a privileged entitlement example: false owner: $ref: '#/components/schemas/IdentityReferenceWithNameAndEmail' revocable: type: boolean description: Indicates whether the Role can be revoked or requested example: false endDate: type: string format: date-time description: The date when a user's access expires. example: '2021-12-25T00:00:00.000Z' accessProfiles: type: array description: The list of Access Profiles associated with this Role items: $ref: '#/components/schemas/ReviewableAccessProfile' entitlements: type: array description: The list of entitlements associated with this Role items: $ref: '#/components/schemas/ReviewableEntitlement' AccessSummary: type: object title: Access Summary description: An object holding the access that is being reviewed properties: access: type: object properties: type: description: The type of item being certified $ref: '#/components/schemas/DtoType' id: type: string description: The ID of the item being certified example: 2c9180867160846801719932c5153fb7 name: type: string description: The name of the item being certified example: Entitlement for Company Database entitlement: $ref: '#/components/schemas/ReviewableEntitlement' accessProfile: $ref: '#/components/schemas/ReviewableAccessProfile' role: $ref: '#/components/schemas/ReviewableRole' CertificationIdentitySummary: type: object title: Certification Identity Summary properties: id: type: string description: The ID of the identity summary example: 2c91808772a504f50172a9540e501ba7 name: type: string description: Name of the linked identity example: Alison Ferguso identityId: type: string description: The ID of the identity being certified example: 2c9180857182306001719937377a33de completed: type: boolean description: Indicates whether the review items for the linked identity's certification have been completed example: true CertificationDecision: type: string description: The decision to approve or revoke the review item enum: - APPROVE - REVOKE example: APPROVE AccessReviewItem: type: object title: Access Review Item properties: accessSummary: $ref: '#/components/schemas/AccessSummary' identitySummary: $ref: '#/components/schemas/CertificationIdentitySummary' id: type: string description: The review item's id example: ef38f94347e94562b5bb8424a56397d8 completed: type: boolean description: Whether the review item is complete example: false newAccess: type: boolean description: Indicates whether the review item is for new access to a source example: false decision: $ref: '#/components/schemas/CertificationDecision' comments: nullable: true type: string description: Comments for this review item example: This user still needs access to this source ReviewRecommendation: type: object title: Review Recommendation properties: recommendation: type: string description: The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made. example: null nullable: true reasons: type: array items: type: string description: A list of reasons for the recommendation. example: - Reason 1 - Reason 2 timestamp: type: string format: date-time description: The time at which the recommendation was recorded. example: '2020-06-01T13:49:37.385Z' ReviewDecision: type: object title: Review Decision properties: id: type: string description: The id of the review decision example: ef38f94347e94562b5bb8424a56397d8 decision: $ref: '#/components/schemas/CertificationDecision' proposedEndDate: type: string format: date-time example: '2017-07-11T18:45:37.098Z' description: The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions. bulk: type: boolean description: Indicates whether decision should be marked as part of a larger bulk decision example: true recommendation: nullable: true $ref: '#/components/schemas/ReviewRecommendation' comments: type: string description: Comments recorded when the decision was made example: This user no longer needs access to this source required: - id - decision - bulk ReassignReference: type: object title: Reassign Reference properties: id: type: string description: The ID of item or identity being reassigned. example: ef38f94347e94562b5bb8424a56397d8 type: type: string description: The type of item or identity being reassigned. enum: - TARGET_SUMMARY - ITEM - IDENTITY_SUMMARY example: ITEM required: - id - type ReviewReassign: type: object title: Review Reassign properties: reassign: type: array items: $ref: '#/components/schemas/ReassignReference' reassignTo: type: string description: The ID of the identity to which the certification is reassigned example: ef38f94347e94562b5bb8424a56397d8 reason: type: string description: The reason comment for why the reassign was made example: reassigned for some reason required: - reassign - reassignTo - reason IdentityCertDecisionSummary: type: object title: Identity Cert Decision Summary properties: entitlementDecisionsMade: type: integer description: Number of entitlement decisions that have been made example: 3 format: int32 accessProfileDecisionsMade: type: integer description: Number of access profile decisions that have been made example: 5 format: int32 roleDecisionsMade: type: integer description: Number of role decisions that have been made example: 2 format: int32 accountDecisionsMade: type: integer description: Number of account decisions that have been made example: 4 format: int32 entitlementDecisionsTotal: type: integer description: The total number of entitlement decisions on the certification, both complete and incomplete example: 6 format: int32 accessProfileDecisionsTotal: type: integer description: The total number of access profile decisions on the certification, both complete and incomplete example: 10 format: int32 roleDecisionsTotal: type: integer description: The total number of role decisions on the certification, both complete and incomplete example: 4 format: int32 accountDecisionsTotal: type: integer description: The total number of account decisions on the certification, both complete and incomplete example: 8 format: int32 entitlementsApproved: type: integer description: The number of entitlement decisions that have been made which were approved example: 2 format: int32 entitlementsRevoked: type: integer description: The number of entitlement decisions that have been made which were revoked example: 1 format: int32 accessProfilesApproved: type: integer description: The number of access profile decisions that have been made which were approved example: 3 format: int32 accessProfilesRevoked: type: integer description: The number of access profile decisions that have been made which were revoked example: 2 format: int32 rolesApproved: type: integer description: The number of role decisions that have been made which were approved example: 2 format: int32 rolesRevoked: type: integer description: The number of role decisions that have been made which were revoked example: 0 format: int32 accountsApproved: type: integer description: The number of account decisions that have been made which were approved example: 1 format: int32 accountsRevoked: type: integer description: The number of account decisions that have been made which were revoked example: 3 format: int32 ConnectorCustomizersResponse: type: object title: Connector Customizers Response properties: id: type: string readOnly: true description: Connector customizer ID. example: b07dc46a-1498-4de8-bfbb-259a68e70c8a name: type: string description: Connector customizer name. example: connector-customizer-name imageVersion: type: integer format: int64 description: Connector customizer image version. example: 1 imageID: type: string description: Connector customizer image id. example: 2c91808568c529c60168cca6f90c1324 tenantID: type: string description: Connector customizer tenant id. example: 2c91808568c529c60168cca6f90c1324 created: type: string description: Date-time when the connector customizer was created format: date-time example: 2009-11-10 23:00:00 +0000 UTC ConnectorCustomizerCreateRequest: type: object title: Connector Customizer Create Request properties: name: type: string description: Connector customizer name. example: My Custom Connector ConnectorCustomizerCreateResponse: description: ConnectorCustomizerResponse type: object title: Connector Customizer Create Response properties: id: type: string description: the ID of connector customizer. example: b07dc46a-1498-4de8-bfbb-259a68e70c8a name: type: string description: name of the connector customizer. example: connector-customizer-name tenantID: type: string description: Connector customizer tenant id. example: 2c91808568c529c60168cca6f90c1324 created: type: string description: Date-time when the connector customizer was created. format: date-time example: 2009-11-10 23:00:00 +0000 UTC ConnectorCustomizerUpdateRequest: description: ConnectorCustomizerUpdateRequest type: object title: Connector Customizer Update Request allOf: - $ref: '#/components/schemas/ConnectorCustomizerCreateRequest' ConnectorCustomizerUpdateResponse: description: ConnectorCustomizerUpdateResponse allOf: - type: object properties: imageVersion: type: integer format: int64 description: Connector customizer image version. example: 1 imageID: type: string description: Connector customizer image id. example: 2c91808568c529c60168cca6f90c1324 - $ref: '#/components/schemas/ConnectorCustomizerCreateResponse' ConnectorCustomizerVersionCreateResponse: description: ConnectorCustomizerVersionCreateResponse type: object title: Connector Customizer Version Create Response nullable: true properties: customizerID: type: string description: ID of connector customizer. example: b07dc46a-1498-4de8-bfbb-259a68e70c8a imageID: type: string description: ImageID of the connector customizer. example: 2c91808568c529c60168cca6f90c1324 version: type: integer format: int64 description: Image version of the connector customizer. example: 1 created: type: string description: Date-time when the connector customizer version was created. format: date-time example: '2022-02-08T14:50:03.827Z' ObjectMappingResponse: type: object title: Object Mapping Response properties: objectMappingId: type: string description: Id of the object mapping example: 3d6e0144-963f-4bd6-8d8d-d77b4e507ce4 objectType: type: string description: Type of the object the mapping value applies to example: IDENTITY enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - ENTITLEMENT - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW jsonPath: type: string description: JSONPath expression denoting the path within the object where the mapping value should be applied example: $.name sourceValue: type: string description: Original value at the jsonPath location within the object example: My Governance Group Name targetValue: type: string description: Value to be assigned at the jsonPath location within the object example: My New Governance Group Name enabled: type: boolean description: Whether or not this object mapping is enabled default: false example: false created: type: string description: Object mapping creation timestamp example: '2024-03-19T23:18:53.732Z' modified: type: string description: Object mapping latest update timestamp example: '2024-03-19T23:18:53.732Z' ObjectMappingRequest: type: object title: Object Mapping Request required: - objectType - jsonPath - sourceValue - targetValue properties: objectType: type: string description: Type of the object the mapping value applies to, must be one from enum example: IDENTITY enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - ENTITLEMENT - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW jsonPath: type: string description: JSONPath expression denoting the path within the object where the mapping value should be applied example: $.name sourceValue: type: string description: Original value at the jsonPath location within the object example: My Governance Group Name targetValue: type: string description: Value to be assigned at the jsonPath location within the object example: My New Governance Group Name enabled: type: boolean description: Whether or not this object mapping is enabled default: false example: false ObjectMappingBulkCreateRequest: type: object title: Bulk Create Object Mapping Request required: - newObjectsMappings properties: newObjectsMappings: type: array items: $ref: '#/components/schemas/ObjectMappingRequest' ObjectMappingBulkCreateResponse: type: object title: Bulk Create Object Mapping Response properties: addedObjects: type: array items: $ref: '#/components/schemas/ObjectMappingResponse' ObjectMappingBulkPatchRequest: type: object title: Bulk Update Object Mapping Request required: - patches properties: patches: description: Map of id of the object mapping to a JsonPatchOperation describing what to patch on that object mapping. type: object additionalProperties: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: 603b1a61-d03d-4ed1-864f-a508fbd1995d: - op: replace path: /enabled value: true 00bece34-f50d-4227-8878-76f620b5a971: - op: replace path: /targetValue value: New Target Value ObjectMappingBulkPatchResponse: type: object title: Bulk Update Object Mapping Response properties: patchedObjects: type: array items: $ref: '#/components/schemas/ObjectMappingResponse' ScheduledActionResponse: type: object properties: id: type: string description: Unique identifier for this scheduled action. example: 3469b87d-48ca-439a-868f-2160001da8c1 created: type: string format: date-time description: The time when this scheduled action was created. example: '2021-05-11T22:23:16Z' jobType: type: string description: Type of the scheduled job. enum: - BACKUP - CREATE_DRAFT - CONFIG_DEPLOY_DRAFT example: BACKUP content: type: object description: Content details for the scheduled action. properties: name: type: string description: Name of the scheduled action (maximum 50 characters). maxLength: 50 example: Daily Backup backupOptions: type: object description: Options for BACKUP type jobs. Optional, applicable for BACKUP jobs only. properties: includeTypes: type: array description: Object types that are to be included in the backup. items: type: string example: - ROLE - IDENTITY_PROFILE objectOptions: type: object description: Map of objectType string to the options to be passed to the target service for that objectType. additionalProperties: type: object properties: includedNames: type: array description: Set of names to be included. items: type: string example: - Admin Role - User Role example: SOURCE: includedNames: - Source1 - Source2 ROLE: includedNames: - Admin Role - User Role sourceBackupId: type: string description: ID of the source backup. Required for CREATE_DRAFT jobs only. example: 5678b87d-48ca-439a-868f-2160001da8c2 sourceTenant: type: string description: Source tenant identifier. Required for CREATE_DRAFT jobs only. example: tenant-name draftId: type: string description: ID of the draft to be deployed. Required for CONFIG_DEPLOY_DRAFT jobs only. example: 9012b87d-48ca-439a-868f-2160001da8c3 startTime: type: string format: date-time description: The time when this scheduled action should start. example: '2021-05-12T10:00:00Z' cronString: type: string description: Cron expression defining the schedule for this action. example: 0 0 12 * * * * timeZoneId: type: string description: Time zone ID for interpreting the cron expression. example: America/Chicago ScheduledActionPayload: type: object required: - jobType - content properties: jobType: type: string description: Type of the scheduled job. enum: - BACKUP - CREATE_DRAFT - CONFIG_DEPLOY_DRAFT example: BACKUP startTime: type: string format: date-time description: The time when this scheduled action should start. Optional. example: '2024-08-16T14:16:58.389Z' cronString: type: string description: Cron expression defining the schedule for this action. Optional for repeated events. example: 0 0 12 * * * * timeZoneId: type: string description: Time zone ID for interpreting the cron expression. Optional, will default to current time zone. example: America/Chicago content: type: object required: - name properties: name: type: string description: Name of the scheduled action (maximum 50 characters). maxLength: 50 example: Daily Backup backupOptions: type: object description: Options for BACKUP type jobs. Required for BACKUP jobs. properties: includeTypes: type: array description: Object types that are to be included in the backup. items: type: string example: - ROLE - IDENTITY_PROFILE objectOptions: type: object description: Map of objectType string to the options to be passed to the target service for that objectType. additionalProperties: type: object properties: includedNames: type: array description: Set of names to be included. items: type: string example: - Admin Role - User Role example: SOURCE: includedNames: - Source1 - Source2 ROLE: includedNames: - Admin Role - User Role sourceBackupId: type: string description: ID of the source backup. Required for CREATE_DRAFT jobs. example: 5678b87d-48ca-439a-868f-2160001da8c2 sourceTenant: type: string description: Source tenant identifier. Required for CREATE_DRAFT jobs. example: tenant-name draftId: type: string description: ID of the draft to be deployed. Required for CONFIG_DEPLOY_DRAFT jobs. example: 9012b87d-48ca-439a-868f-2160001da8c3 JsonPatch: type: object title: Json Patch description: A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902) properties: operations: description: Operations to be applied type: array items: $ref: '#/components/schemas/JsonPatchOperation' ObjectExportImportNames: type: object properties: includedNames: description: Object names to be included in a backup. type: array items: type: string example: Test Object name BackupOptions: type: object nullable: true description: Backup options control what will be included in the backup. properties: includeTypes: type: array description: Object type names to be included in a Configuration Hub backup command. items: type: string enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW example: TRIGGER_SUBSCRIPTION objectOptions: description: Additional options targeting specific objects related to each item in the includeTypes field. type: object additionalProperties: $ref: '#/components/schemas/ObjectExportImportNames' example: TRIGGER_SUBSCRIPTION: includedNames: - Trigger Subscription name BackupResponse: type: object properties: jobId: type: string description: Unique id assigned to this backup. example: 3469b87d-48ca-439a-868f-2160001da8c1 status: type: string description: Status of the backup. enum: - NOT_STARTED - IN_PROGRESS - COMPLETE - CANCELLED - FAILED example: COMPLETE type: type: string description: Type of the job, will always be BACKUP for this type of job. enum: - BACKUP example: BACKUP tenant: type: string description: The name of the tenant performing the upload example: tenant-name requesterName: type: string description: The name of the requester. example: Requester Name fileExists: type: boolean default: true description: Whether or not a file was created and stored for this backup. example: true created: type: string format: date-time description: The time the job was started. example: '2021-05-11T22:23:16Z' modified: type: string format: date-time description: The time of the last update to the job. example: '2021-05-11T22:23:16Z' completed: type: string format: date-time description: The time the job was completed. example: '2021-05-11T22:23:16Z' name: type: string description: The name assigned to the upload file in the request body. example: Backup Name userCanDelete: type: boolean default: true description: Whether this backup can be deleted by a regular user. example: false isPartial: type: boolean default: false description: Whether this backup contains all supported object types or only some of them. example: false backupType: type: string description: |- Denotes how this backup was created. - MANUAL - The backup was created by a user. - AUTOMATED - The backup was created by devops. - AUTOMATED_DRAFT - The backup was created during a draft process. - UPLOADED - The backup was created by uploading an existing configuration file. enum: - UPLOADED - AUTOMATED - MANUAL example: MANUAL options: $ref: '#/components/schemas/BackupOptions' hydrationStatus: type: string description: Whether the object details of this backup are ready. enum: - HYDRATED - NOT_HYDRATED example: NOT_HYDRATED totalObjectCount: type: integer format: int64 description: Number of objects contained in this backup. example: 10 cloudStorageStatus: type: string description: Whether this backup has been transferred to a customer storage location. enum: - SYNCED - NOT_SYNCED - SYNC_FAILED example: SYNCED ApprovalComment: type: object title: Approval Comment required: - comment - timestamp - user - id - changedToStatus properties: comment: type: string description: Comment provided either by the approval requester or the approver. example: Approval comment timestamp: type: string format: date-time description: The time when this comment was provided. example: '2021-05-11T22:23:16Z' user: type: string description: Name of the user that provided this comment. example: user.name id: type: string description: Id of the user that provided this comment. example: 549bf881-1ac4-4a64-9acf-6014e8a3a887 changedToStatus: type: string description: Status transition of the draft. enum: - PENDING_APPROVAL - APPROVED - REJECTED example: PENDING_APPROVAL DraftResponse: type: object properties: jobId: type: string description: Unique id assigned to this job. example: 07659d7d-2cce-47c0-9e49-185787ee565a status: type: string description: Status of the job. enum: - NOT_STARTED - IN_PROGRESS - COMPLETE - CANCELLED - FAILED example: COMPLETE type: type: string description: Type of the job, will always be CREATE_DRAFT for this type of job. enum: - CREATE_DRAFT example: CREATE_DRAFT message: type: string description: Message providing information about the outcome of the draft process. example: Draft creation message requesterName: type: string description: The name of user that that initiated the draft process. example: requester.name fileExists: type: boolean default: true description: Whether or not a file was generated for this draft. example: true created: type: string format: date-time description: The time the job was started. example: '2021-05-11T22:23:16Z' modified: type: string format: date-time description: The time of the last update to the job. example: '2021-05-11T22:23:16Z' completed: type: string format: date-time description: The time the job was completed. example: '2021-05-11T22:23:16Z' name: type: string description: Name of the draft. example: Draft name sourceTenant: type: string description: Tenant owner of the backup from which the draft was generated. example: source-tenant sourceBackupId: type: string description: Id of the backup from which the draft was generated. example: 549bf881-1ac4-4a64-9acf-6014e8a3a887 sourceBackupName: type: string description: Name of the backup from which the draft was generated. example: Source backup name mode: type: string description: |- Denotes the origin of the source backup from which the draft was generated. - RESTORE - Same tenant. - PROMOTE - Different tenant. - UPLOAD - Uploaded configuration. enum: - RESTORE - PROMOTE - UPLOAD example: RESTORE approvalStatus: type: string description: Approval status of the draft used to determine whether or not the draft can be deployed. enum: - DEFAULT - PENDING_APPROVAL - APPROVED - DENIED example: APPROVED approvalComment: type: array description: List of comments that have been exchanged between an approval requester and an approver. items: $ref: '#/components/schemas/ApprovalComment' DeployResponse: type: object properties: jobId: type: string description: Unique id assigned to this job. example: 07659d7d-2cce-47c0-9e49-185787ee565a status: type: string description: Status of the job. enum: - NOT_STARTED - IN_PROGRESS - COMPLETE - CANCELLED - FAILED example: COMPLETE type: type: string description: Type of the job, will always be CONFIG_DEPLOY_DRAFT for this type of job. enum: - CONFIG_DEPLOY_DRAFT example: CONFIG_DEPLOY_DRAFT message: type: string description: Message providing information about the outcome of the deploy process. example: Deploy creation message requesterName: type: string description: The name of the user that initiated the deploy process. example: requester.name fileExists: type: boolean default: true description: Whether or not a results file was created and stored for this deploy. example: true created: type: string format: date-time description: The time the job was started. example: '2021-05-11T22:23:16Z' modified: type: string format: date-time description: The time of the last update to the job. example: '2021-05-11T22:23:16Z' completed: type: string format: date-time description: The time the job was completed. example: '2021-05-11T22:23:16Z' draftId: type: string description: The id of the draft that was used for this deploy. example: 07659d7d-2cce-47c0-9e49-185787ee565a draftName: type: string description: The name of the draft that was used for this deploy. example: Draft Name cloudStorageStatus: type: string description: Whether this deploy results file has been transferred to a customer storage location. enum: - SYNCED - NOT_SYNCED - SYNC_FAILED example: SYNCED DeployRequest: type: object title: Deploy Request required: - draftId properties: draftId: type: string description: The id of the draft to be used by this deploy. example: 3d0fe04b-57df-4a46-a83b-8f04b0f9d10b ConnectorDetail: type: object title: Connector Detail properties: name: type: string description: The connector name example: name type: type: string description: The connector type example: ServiceNow className: type: string description: The connector class name example: class name scriptName: type: string description: The connector script name example: servicenow applicationXml: type: string description: The connector application xml example: | correlationConfigXml: type: string description: The connector correlation config xml example: "\n\n\n\n\n\n\t\n\t\t\n\t\t\n\t\t\n\t\n\n" sourceConfigXml: type: string description: The connector source config xml example: |-
sourceConfig: type: string nullable: true description: The connector source config example: |-
sourceConfigFrom: type: string nullable: true description: The connector source config origin example: sp-connect s3Location: type: string description: storage path key for this connector example: custom-connector/scriptname uploadedFiles: type: array description: The list of uploaded files supported by the connector. If there was any executable files uploaded to thee connector. Typically this be empty as the executable be uploaded at source creation. nullable: true items: type: string example: - pod/org/connectorFiles/testconnector/test1.jar fileUpload: type: boolean description: true if the source is file upload example: true default: false directConnect: type: boolean description: true if the source is a direct connect source example: true default: false translationProperties: type: object description: A map containing translation attributes by loacale key additionalProperties: true example: de: |- # Copyright (C) 2024 SailPoint Technologies, Inc. All rights reserved. # DO NOT EDIT. This file is generated by "sailpointTranslate" command. menuLabel_ConnectionSettings=Verbindungseinstellungen menuLabel_AggregationSettings=Aggregationseinstellungen sectionLabel_AuthenticationSettings=Verbindungseinstellungen sectionLabel_AggregationSettings=Aggregationseinstellungen sectionInfo_AuthenticationSettings=Konfigurieren Sie eine direkte Verbindung zwischen der Quelle Delinea Secret Server On-Premise und IdentityNow.

Geben Sie bei Zeit\u00fcberschreitung bei Verbindung die maximal erlaubte Zeitdauer (in Minuten) f\u00fcr die Verbindung von IdentityNow mit der Quelle ein.

Geben Sie die Host-URL der Delinea-SCIM-Serverquelle ein.

Geben Sie den API-Token der Quelle zur Authentifizierung ein. sectionInfo_AggregationSettings=Geben Sie die Einstellungen f\u00fcr Ihre Aggregation an.

Geben Sie in das Feld Seitengr\u00f6\u00dfe die Anzahl an Kontoeintr\u00e4gen ein, die auf einer einzelnen Seite aggregiert werden sollen, wenn gro\u00dfe Datens\u00e4tze durchlaufen werden.
\n
Geben Sie im Kontofilter die Bedingungen f\u00fcr den Kontofilter an. Beispiel: userName sw "S"

Geben Sie im Gruppenfilter die Gruppenfilterbedingungen an. Beispiel: displayName sw "S". placeHolder_accAggregation=userName sw "S" placeHolder_grpAggregation=displayName sw "S" placeHolder_host=https://{Delinea_SCIM_Server_host}/v2 docLinkLabel_AuthenticationSettings=Mehr \u00fcber Verbindungseinstellungen docLinkLabel_Filters=Mehr \u00fcber Konto- und Gruppenfilter HostURL=Host-URL ConnectionTimeout=Zeit\u00fcberschreitung bei Verbindung API_TOKEN=API-Token JSONPathMapping=JSON-Path-Attribut-Mapping FilterConditionForAccounts=Kontofilter FilterConditionForGroups=Gruppenfilter Page_Size=Seitengr\u00f6\u00dfe SchemaAttribute=Schema-Attribut JSONpath=JSON-Pfad ShortDesc=Das Integrationsmodul IdentityNow f\u00fcr Delinea Secret Server On-Premise bietet die M\u00f6glichkeit einer tiefen Governance f\u00fcr Konten und Gruppen. Es unterst\u00fctzt au\u00dferdem das End-to-End-Lebenszyklus-Management. connectorMetadata: type: object description: A map containing metadata pertinent to the UI to be used additionalProperties: true example: supportedUI: EXTJS platform: ccg shortDesc: connector description status: type: string enum: - DEPRECATED - DEVELOPMENT - DEMO - RELEASED description: The connector status example: RELEASED V3ConnectorDto: title: custom connector response object type: object properties: name: type: string description: The connector name example: name type: type: string description: The connector type example: ServiceNow scriptName: type: string description: The connector script name example: servicenow className: type: string nullable: true description: The connector class name. example: sailpoint.connector.OpenConnectorAdapter features: type: array description: The list of features supported by the connector nullable: true items: type: string example: - PROVISIONING - SYNC_PROVISIONING - SEARCH - UNSTRUCTURED_TARGETS directConnect: type: boolean description: true if the source is a direct connect source example: true default: false connectorMetadata: type: object additionalProperties: true description: A map containing metadata pertinent to the connector example: supportedUI: ANGULAR platform: ccg shortDesc: connector description status: type: string enum: - DEPRECATED - DEVELOPMENT - DEMO - RELEASED description: The connector status example: RELEASED V3CreateConnectorDto: title: custom connector create request type: object required: - name - className properties: name: type: string description: The connector name. Need to be unique per tenant. The name will able be used to derive a url friendly unique scriptname that will be in response. Script name can then be used for all update endpoints example: custom connector type: type: string description: The connector type. If not specified will be defaulted to 'custom '+name example: custom connector type className: type: string description: The connector class name. If you are implementing openconnector standard (what is recommended), then this need to be set to sailpoint.connector.OpenConnectorAdapter example: sailpoint.connector.OpenConnectorAdapter directConnect: type: boolean description: true if the source is a direct connect source default: true example: true status: type: string enum: - DEVELOPMENT - DEMO - RELEASED description: The connector status example: RELEASED UpdateDetail: type: object title: Update Detail properties: message: type: string description: The detailed message for an update. Typically the relevent error message when status is error. example: unsupported xsd version, please ensure latest xsd version http://www.sailpoint.com/xsd/sailpoint_form_2_0.xsd is used for source config scriptName: type: string description: The connector script name example: servicenow updatedFiles: type: array description: The list of updated files supported by the connector nullable: true items: type: string example: - pod/org/connectorFiles/testconnector/test1.jar status: type: string enum: - ERROR - UPDATED - UNCHANGED - SKIPPED description: The connector update status example: ERROR Argument: type: object title: Argument nullable: true properties: name: type: string description: the name of the argument example: firstName description: type: string nullable: true description: the description of the argument example: the first name of the identity type: type: string nullable: true description: the programmatic type of the argument example: String required: - name SourceCode: description: SourceCode type: object title: Source Code required: - version - script properties: version: type: string description: the version of the code example: '1.0' script: type: string description: The code example: return "Mr. " + firstName; ConnectorRuleCreateRequest: description: ConnectorRuleCreateRequest type: object title: Connector Rule Create Request required: - name - type - sourceCode properties: name: type: string description: the name of the rule example: WebServiceBeforeOperationRule minLength: 1 maxLength: 128 description: type: string nullable: true description: a description of the rule's purpose example: This rule does that type: type: string enum: - BuildMap - ConnectorAfterCreate - ConnectorAfterDelete - ConnectorAfterModify - ConnectorBeforeCreate - ConnectorBeforeDelete - ConnectorBeforeModify - JDBCBuildMap - JDBCOperationProvisioning - JDBCProvision - PeopleSoftHRMSBuildMap - PeopleSoftHRMSOperationProvisioning - PeopleSoftHRMSProvision - RACFPermissionCustomization - ResourceObjectCustomization - SAPBuildMap - SapHrManagerRule - SapHrOperationProvisioning - SapHrProvision - SuccessFactorsOperationProvisioning - WebServiceAfterOperationRule - WebServiceBeforeOperationRule - ResourceObjectCustomization description: the type of rule example: BuildMap signature: description: The rule's function signature. Describes the rule's input arguments and output (if any) type: object required: - input properties: input: type: array items: $ref: '#/components/schemas/Argument' output: $ref: '#/components/schemas/Argument' sourceCode: $ref: '#/components/schemas/SourceCode' attributes: type: object nullable: true description: a map of string to objects example: {} ConnectorRuleResponse: description: ConnectorRuleResponse allOf: - $ref: '#/components/schemas/ConnectorRuleCreateRequest' - type: object nullable: true required: - id - created properties: id: type: string description: the ID of the rule example: 8113d48c0b914f17b4c6072d4dcb9dfe created: type: string description: an ISO 8601 UTC timestamp when this rule was created example: 021-07-22T15:59:23Z modified: type: string nullable: true description: an ISO 8601 UTC timestamp when this rule was last modified example: 021-07-22T15:59:23Z ConnectorRuleUpdateRequest: description: ConnectorRuleUpdateRequest allOf: - type: object required: - id properties: id: type: string description: the ID of the rule to update example: 8113d48c0b914f17b4c6072d4dcb9dfe - $ref: '#/components/schemas/ConnectorRuleCreateRequest' ConnectorRuleValidationResponse: description: ConnectorRuleValidationResponse type: object title: Connector Rule Validation Response required: - state - details properties: state: type: string enum: - OK - ERROR example: ERROR details: type: array items: description: CodeErrorDetail type: object required: - line - column - message properties: line: type: integer description: The line number where the issue occurred example: 2 column: type: integer description: the column number where the issue occurred example: 5 messsage: type: string description: a description of the issue in the code example: Remove reference to .decrypt( SegmentId: type: string description: The segment's ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde ScopeType: type: string enum: - ENTITLEMENT - CERTIFICATION - IDENTITY - ENTITLEMENTREQUEST description: An enumeration of the types of scope choices example: ALL SegmentMembership: type: object description: Contains the segments and types that an identity is associated with properties: segments: type: array items: $ref: '#/components/schemas/SegmentId' description: List of segment ids that the identity is associated with. allAccessScopes: type: array items: $ref: '#/components/schemas/ScopeType' description: They type of scopes that are assigned to the identity. refreshBy: type: string format: date-time description: Date time string that lets you know when the membership data is going to be refreshed. example: '2020-01-01T00:00:00.000000Z' ScopeVisibilityType: type: string enum: - ALL - FILTER - SELECTION - UNSEGMENTED description: An enumeration of the types of scope visibility choices example: ALL Value: type: object title: Value nullable: true properties: type: type: string description: The type of attribute value example: STRING value: type: string description: The attribute value example: Austin Expression: type: object title: Expression properties: operator: type: string description: Operator for the expression enum: - AND - EQUALS example: EQUALS attribute: type: string description: Name for the attribute example: location nullable: true value: $ref: '#/components/schemas/Value' children: type: array nullable: true description: List of expressions items: type: object properties: operator: type: string description: Operator for the expression enum: - AND - EQUALS example: EQUALS attribute: type: string description: Name for the attribute example: location nullable: true value: $ref: '#/components/schemas/Value' children: type: string nullable: true description: There cannot be anymore nested children. This will always be null. example: null example: [] VisibilityCriteria: type: object title: Visibility Criteria properties: expression: $ref: '#/components/schemas/Expression' Ref: type: object properties: type: $ref: '#/components/schemas/DtoType' description: DTO type id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 Selection: type: array items: $ref: '#/components/schemas/Ref' nullable: false description: List of Identities that are assigned to the segment example: - type: IDENTITY id: 29cb6c061da843ea8be4b3125f248f2a - type: IDENTITY id: f7b1b8a35fed4fd4ad2982014e137e19 Scope: type: object description: This defines what access the segment is giving properties: scope: $ref: '#/components/schemas/ScopeType' visibility: $ref: '#/components/schemas/ScopeVisibilityType' scopeFilter: $ref: '#/components/schemas/VisibilityCriteria' scopeSelection: $ref: '#/components/schemas/Selection' Scopes: type: array items: $ref: '#/components/schemas/Scope' nullable: false description: List of Scopes that are assigned to the segment example: - scope: ENTITLEMENT visibility: SELECTION scopeFilter: null scopeSelection: - type: ENTITLEMENT id: 34d73f611449463ea4fdcf02cda0c397 MembershipType: type: string enum: - ALL - FILTER - SELECTION description: An enumeration of the types of membership choices example: ALL enabled: type: boolean description: This boolean indicates whether the segment is currently active. Inactive segments have no effect. default: false example: true published: type: boolean description: This boolean indicates whether the segment is being applied to the accounts. If unpublished its being actively modified to until published default: false example: true Data-Segment: type: object properties: id: $ref: '#/components/schemas/SegmentId' name: type: string description: The segment's business name. example: segment-xyz created: type: string format: date-time description: The time when the segment is created. example: '2020-01-01T00:00:00.000000Z' modified: type: string format: date-time description: The time when the segment is modified. example: '2020-01-01T00:00:00.000000Z' description: type: string description: The segment's optional description. example: This segment represents xyz scopes: $ref: '#/components/schemas/Scopes' memberSelection: $ref: '#/components/schemas/Selection' memberFilter: $ref: '#/components/schemas/VisibilityCriteria' membership: $ref: '#/components/schemas/MembershipType' enabled: $ref: '#/components/schemas/enabled' published: $ref: '#/components/schemas/published' LifecycleStateDto: type: object title: Lifecycle State Dto properties: stateName: type: string description: The name of the lifecycle state example: active manuallyUpdated: type: boolean description: Whether the lifecycle state has been manually or automatically set example: true required: - stateName - manuallyUpdated Identity: type: object title: IdentityDto required: - name properties: id: description: System-generated unique ID of the identity type: string example: 01f04e428c484542a241dc89c303b178 readOnly: true name: description: The identity's name is equivalent to its Display Name attribute. type: string example: Walter White created: description: Creation date of the identity type: string format: date-time readOnly: true example: '2023-01-03T21:16:22.432Z' modified: description: Last modification date of the identity type: string format: date-time readOnly: true example: '2023-01-03T21:16:22.432Z' alias: type: string description: The identity's alternate unique identifier is equivalent to its Account Name on the authoritative source account schema. example: walter.white emailAddress: type: string description: The email address of the identity example: walter.white@example.com nullable: true processingState: type: string nullable: true description: The processing state of the identity enum: - ERROR - OK - null example: ERROR identityStatus: type: string description: The identity's status in the system enum: - UNREGISTERED - REGISTERED - PENDING - WARNING - DISABLED - ACTIVE - DEACTIVATED - TERMINATED - ERROR - LOCKED example: LOCKED managerRef: type: object description: Identity's manager nullable: true properties: type: type: string description: DTO type of identity's manager enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity's manager example: 2c4180a46faadee4016fb4e018c20626 name: type: string description: Human-readable display name of identity's manager example: Robert Robinson isManager: type: boolean description: Whether this identity is a manager of another identity default: false example: true lastRefresh: type: string format: date-time description: The last time the identity was refreshed by the system example: '2020-11-22T15:42:31.123Z' attributes: type: object description: A map with the identity attributes for the identity example: uid: '86754' firstname: Walter cloudStatus: UNREGISTERED displayName: Walter White identificationNumber: '86754' lastSyncDate: 1470348809380 email: walter.white@example.com lastname: White lifecycleState: allOf: - $ref: '#/components/schemas/LifecycleStateDto' - nullable: true description: Lifecycle state details that include lifecycle state name and whether this lifecycle state has been set manually IdentityEntities: type: object title: Identity Entities properties: identityEntity: type: object properties: id: type: string description: id of the resource to which the identity is associated example: 031034e97f094a4096c1be53f75f6b91 name: type: string description: name of the resource to which the identity is associated example: Gaston.800ddf9640a type: type: string description: type of the resource to which the identity is associated example: CAMPAIGN_CAMPAIGNER IdentityAssociationDetails: type: object title: Identity Association Details properties: message: type: string description: any additional context information of the http call result example: Identity cannot be deleted as it is owner of following resources associationDetails: type: array description: list of all the resource associations for the identity items: type: object properties: associationType: type: string description: association type with the identity example: CAMPAIGN_OWNER entities: type: array description: the specific resource this identity has ownership on items: $ref: '#/components/schemas/IdentityEntities' example: id: b660a232f05b4e04812ca974b3011e0f name: Gaston.800ddf9640a type: CAMPAIGN_CAMPAIGNER IdentitiesAccountsBulkRequest: type: object title: Identities Accounts Bulk Request properties: identityIds: description: The ids of the identities for which enable/disable accounts. type: array items: type: string example: - 2c91808384203c2d018437e631158308 - 2c9180858082150f0180893dbaf553fe BulkIdentitiesAccountsResponse: type: object title: Bulk Identities Accounts Response description: Bulk response object. properties: id: type: string description: Identifier of bulk request item. example: 2c9180858082150f0180893dbaf553fe statusCode: type: integer format: int32 description: Response status value. example: 404 message: type: string description: Status containing additional context information about failures. example: Referenced identity "2c9180858082150f0180893dbaf553fe" was not found. IdentityOwnershipAssociationDetails: type: object title: Identity Ownership Association Details properties: associationDetails: type: array description: list of all the resource associations for the identity items: type: object properties: associationType: type: string description: association type with the identity example: ROLE_OWNER entities: type: array description: the specific resource this identity has ownership on items: $ref: '#/components/schemas/IdentityEntities' example: id: b660a232f05b4e04812ca974b3011e0f name: Gaston.800ddf9640a type: ROLE RoleAssignmentRef: type: object title: Role Assignment Ref properties: id: type: string description: Assignment Id example: 1cbb0705b38c4226b1334eadd8874086 role: $ref: '#/components/schemas/BaseReferenceDto' description: Role Id and Name related to this assignment example: id: e7697a1e96d04db1ac7b0f4544915d2c type: ROLE name: Engineer addedDate: type: string format: date-time description: Date that the assignment was added example: '2025-07-11T18:45:37.098Z' ContextAttributeDto: type: object title: Context Attribute Dto properties: attribute: type: string description: The name of the attribute example: location value: oneOf: - type: string example: Austin - type: array items: type: string example: - Austin - Houston - Dallas description: The value of the attribute. This can be either a string or a multi-valued string example: Austin derived: type: boolean description: True if the attribute was derived. default: false example: false AccessRequestContext: type: object title: Access Request Context properties: contextAttributes: type: array items: $ref: '#/components/schemas/ContextAttributeDto' RoleMatchDto: type: object title: Role Match Dto properties: roleRef: $ref: '#/components/schemas/BaseReferenceDto' description: Role Id and Name related to this match example: id: e7697a1e96d04db1ac7b0f4544915d2c type: DIMENSION name: Engineer matchedAttributes: type: array items: $ref: '#/components/schemas/ContextAttributeDto' AssignmentContextDto: type: object title: Assignment Context Dto properties: requested: $ref: '#/components/schemas/AccessRequestContext' matched: type: array items: $ref: '#/components/schemas/RoleMatchDto' computedDate: type: string description: Date that the assignment will was evaluated example: Wed Feb 14 10:58:42 AccountInfoDto: type: object title: Account Info Dto properties: nativeIdentity: type: string description: The unique ID of the account generated by the source system example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com displayName: type: string description: Display name for this account example: Abby.Smith uuid: type: string description: UUID associated with this account example: '{ad9fc391-246d-40af-b248-b6556a2b7c01}' RoleTargetDto: type: object title: Role Target Dto properties: source: $ref: '#/components/schemas/BaseReferenceDto' description: Source Id and Name related to this assignment example: id: d18b74853739439986501ad180b27db6 type: SOURCE name: Active Directory accountInfo: $ref: '#/components/schemas/AccountInfoDto' roleName: type: string description: Specific role name for this target if using multiple accounts example: Marketing RoleAssignmentDto: type: object title: Role Assignment Dto properties: id: type: string description: Assignment Id example: 1cbb0705b38c4226b1334eadd8874086 role: $ref: '#/components/schemas/BaseReferenceDto' description: Role Id and Name related to this assignment example: id: e7697a1e96d04db1ac7b0f4544915d2c type: ROLE name: Engineer comments: type: string nullable: true description: Comments added by the user when the assignment was made example: I'm a new Engineer and need this role to do my work assignmentSource: type: string description: Source describing how this assignment was made example: UI assigner: type: object description: The identity that performed the assignment. This could be blank or system properties: type: type: string enum: - IDENTITY - UNKNOWN description: Object type example: IDENTITY id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string nullable: true description: Human-readable display name of the object to which this reference applies example: William Wilson assignedDimensions: type: array description: Dimensions assigned related to this role example: - id: 1acc8ffe5fcf457090de28bee2af36ee type: DIMENSION name: Northeast region items: $ref: '#/components/schemas/BaseReferenceDto' assignmentContext: allOf: - $ref: '#/components/schemas/AssignmentContextDto' - nullable: true description: The context around the role assignment example: requested: contextAttributes: - attribute: department value: Engineering derived: false matched: - id: e7697a1e96d04db1ac7b0f4544915d2c type: DIMENSION name: Engineer computedDate: Wed Feb 14 10:58:42 accountTargets: type: array items: $ref: '#/components/schemas/RoleTargetDto' removeDate: type: string format: date-time nullable: true description: Date that the assignment will be removed example: '2026-07-11T18:45:37.098Z' addedDate: type: string format: date-time description: Date that the assignment was added example: '2025-07-11T18:45:37.098Z' EmailNotificationOption: type: object title: Email Notification Option description: This is used for representing email configuration for a lifecycle state properties: notifyManagers: type: boolean default: false example: true description: If true, then the manager is notified of the lifecycle state change. notifyAllAdmins: type: boolean default: false example: true description: If true, then all the admins are notified of the lifecycle state change. notifySpecificUsers: type: boolean default: false example: true description: If true, then the users specified in "emailAddressList" below are notified of lifecycle state change. emailAddressList: type: array example: - test@test.com - test2@test.com items: type: string description: List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change. AccountAction: type: object title: Account Action description: Object for specifying Actions to be performed on a specified list of sources' account. properties: action: example: ENABLE type: string description: Describes if action will be enable, disable or delete. enum: - ENABLE - DISABLE - DELETE sourceIds: type: array items: type: string uniqueItems: true example: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. LifecycleState: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object required: - technicalName properties: enabled: type: boolean default: false example: true description: Indicates whether the lifecycle state is enabled or disabled. technicalName: type: string example: Technical Name description: The lifecycle state's technical name. This is for internal use. description: type: string nullable: true example: Lifecycle description description: Lifecycle state's description. identityCount: type: integer format: int32 example: 42 readOnly: true description: Number of identities that have the lifecycle state. emailNotificationOption: $ref: '#/components/schemas/EmailNotificationOption' accountActions: type: array items: $ref: '#/components/schemas/AccountAction' accessProfileIds: type: array items: type: string uniqueItems: true example: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 description: List of unique access-profile IDs that are associated with the lifecycle state. identityState: type: string nullable: true example: null description: The lifecycle state's associated identity state. This field is generally 'null'. LifecyclestateDeleted: type: object title: Lifecyclestate Deleted description: Deleted lifecycle state. properties: type: type: string description: Deleted lifecycle state's DTO type. enum: - LIFECYCLE_STATE - TASK_RESULT example: LIFECYCLE_STATE id: type: string description: Deleted lifecycle state ID. example: 12345 name: type: string description: Deleted lifecycle state's display name. example: Contractor Lifecycle TransformDefinition: type: object title: Transform Definition properties: type: type: string description: Transform definition type. example: accountAttribute attributes: type: object additionalProperties: true description: Arbitrary key-value pairs to store any metadata for the object example: attributeName: e-mail sourceName: MySource sourceId: 2c9180877a826e68017a8c0b03da1a53 IdentityAttributeTransform: type: object title: Identity Attribute Transform description: Transform definition for an identity attribute. properties: identityAttributeName: type: string description: Identity attribute's name. example: email transformDefinition: $ref: '#/components/schemas/TransformDefinition' description: Seaspray transform definition. IdentityAttributeConfig: type: object title: Identity Attribute Config description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. properties: enabled: description: Backend will only promote values if the profile/mapping is enabled. type: boolean default: false example: true attributeTransforms: type: array items: $ref: '#/components/schemas/IdentityAttributeTransform' IdentityExceptionReportReference: type: object title: Identity Exception Report Reference nullable: true properties: taskResultId: type: string format: uuid description: Task result ID. example: 2b838de9-db9b-abcf-e646-d4f274ad4238 reportName: type: string example: My annual report description: Report name. IdentityProfileBulkDelete: description: List of Identity Profile IDs to delete. type: array items: type: string example: - 2c9180867b2a34e0017b3078d60b0699 - 2c9180867b2a34e0017b3078d60b0698 TaskResultSimplified: type: object title: Task Result Simplified properties: id: type: string description: Task identifier example: ff8081814d977c21014da056804a0af3 name: type: string description: Task name example: Background Object Terminator c8f030f2-b1a6-4e33-99e8-6935bc18735d description: type: string description: Task description example: Generic task for terminating data in the overlay, used by the TerminationService. launcher: type: string description: User or process who launched the task example: support completed: type: string format: date-time description: Date time of completion example: Mon Aug 21 14:57:39 CDT 2023 launched: type: string format: date-time description: Date time when the task was launched example: Mon Aug 21 14:55:39 CDT 2023 completionStatus: type: string enum: - Success - Warning - Error - Terminated - TempError description: Task result status example: Success IdentityProfileExportedObject: type: object title: Identity Profile Exported Object description: Identity profile exported object. properties: version: type: integer example: 1 description: Version or object from the target service. format: int32 self: type: object description: Self block for exported object. properties: type: type: string description: Exported object's DTO type. enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW example: SOURCE id: type: string description: Exported object's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Exported object's display name. example: HR Active Directory object: $ref: '#/components/schemas/IdentityProfile' SpConfigMessage: type: object title: Config Import/Export Message description: Message model for Config Import/Export. properties: key: type: string description: Message key. example: UNKNOWN_REFERENCE_RESOLVER text: type: string description: Message text. example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' details: type: object description: Message details if any, in key:value pairs. additionalProperties: true example: details: message details required: - key - text - details ImportObject: type: object title: Import Object description: Object created or updated by import. properties: type: type: string description: DTO type of object created or updated by import. enum: - CONNECTOR_RULE - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - RULE - SOURCE - TRANSFORM - TRIGGER_SUBSCRIPTION example: SOURCE id: type: string description: ID of object created or updated by import. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Display name of object created or updated by import. example: HR Active Directory ObjectImportResult: type: object title: Import Object Response Body description: Response model for import of a single object. properties: infos: description: Informational messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage' warnings: description: Warning messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage' errors: description: Error messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage' importedObjects: description: References to objects that were created or updated by the import. type: array items: $ref: '#/components/schemas/ImportObject' required: - infos - warnings - errors - importedObjects ManagedClient: description: Managed Client type: object title: Managed Client required: - clientId - clusterId - description - type properties: id: description: ManagedClient ID readOnly: true nullable: true type: string example: 2c9180878eaf4204018eb019c3570003 alertKey: description: ManagedClient alert key readOnly: true nullable: true type: string example: CLIENT_STATUS_NOT_CONFIGURED apiGatewayBaseUrl: description: apiGatewayBaseUrl for the Managed client nullable: true type: string cookbook: description: cookbook id for the Managed client nullable: true type: string ccId: description: Previous CC ID to be used in data migration. (This field will be deleted after CC migration!) nullable: true type: integer format: int64 example: 2248 clientId: description: The client ID used in API management type: string example: 00be54a2-bb6d-402f-9159-beb2d5319347 clusterId: description: Cluster ID that the ManagedClient is linked to type: string example: e1ff7bb24c934240bbf55e1aa39e41c5 description: description: ManagedClient description type: string default: '' example: A short description of the ManagedClient ipAddress: description: The public IP address of the ManagedClient readOnly: true nullable: true type: string example: 123.456.78.90 lastSeen: description: When the ManagedClient was last seen by the server readOnly: true nullable: true type: string format: date-time example: '2020-01-01T00:00:00.000000Z' name: description: ManagedClient name nullable: true type: string default: VA-$clientId example: aName sinceLastSeen: description: Milliseconds since the ManagedClient has polled the server readOnly: true nullable: true type: string example: 15000 status: description: Status of the ManagedClient readOnly: true nullable: true type: string enum: - NORMAL - UNDEFINED - NOT_CONFIGURED - CONFIGURING - WARNING - ERROR - FAILED - null example: NORMAL type: description: Type of the ManagedClient (VA, CCG) type: string example: VA clusterType: description: Cluster Type of the ManagedClient readOnly: true nullable: true type: string enum: - null - idn - iai - spConnectCluster - sqsCluster - das-rc - das-pc - das-dc example: idn vaDownloadUrl: description: ManagedClient VA download URL readOnly: true nullable: true type: string example: aUrl vaVersion: description: Version that the ManagedClient's VA is running readOnly: true nullable: true type: string example: va-megapod-useast1-610-1621372012 secret: description: Client's apiKey nullable: true type: string example: ef878e15eaa8c8d3e2fa52f41125e2a0eeadadc6a14f931a33ad3e1b62d56381 createdAt: description: The date/time this ManagedClient was created example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time updatedAt: description: The date/time this ManagedClient was last updated example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time provisionStatus: description: The provisioning status of the ManagedClient readOnly: true nullable: true type: string enum: - null - PROVISIONED - DRAFT example: PROVISIONED healthIndicators: description: The health indicators of the ManagedClient type: object nullable: true example: network: errors: [] warnings: [] memory: errors: [] warnings: [] cpu: errors: [] warnings: [] ManagedClientRequest: description: Managed Client Request type: object title: Managed Client Request required: - clusterId properties: clusterId: description: Cluster ID that the ManagedClient is linked to type: string example: aClusterId description: description: description for the ManagedClient to create type: string nullable: true example: A short description of the ManagedClient name: description: name for the ManagedClient to create type: string nullable: true example: aName type: description: Type of the ManagedClient (VA, CCG) to create type: string nullable: true example: VA ManagedClientType: description: Managed Client type type: string example: CCG nullable: true enum: - CCG - VA - INTERNAL - IIQ_HARVESTER - null ManagedClientStatusCode: type: string description: Status of a Managed Client enum: - NORMAL - UNDEFINED - NOT_CONFIGURED - CONFIGURING - WARNING - ERROR - FAILED example: NORMAL ManagedClientStatus: description: Managed Client Status type: object title: Managed Client Status required: - body - status - type - timestamp properties: body: description: ManagedClientStatus body information type: object example: alertKey: '' id: '5678' clusterId: '1234' ccg_etag: ccg_etag123xyz456 ccg_pin: NONE cookbook_etag: 20210420125956-20210511144538 hostname: megapod-useast1-secret-hostname.sailpoint.com internal_ip: 127.0.0.1 lastSeen: '1620843964604' sinceSeen: '14708' sinceSeenMillis: '14708' localDev: false stacktrace: '' state: null status: NORMAL uuid: null product: idn va_version: null platform_version: '2' os_version: 2345.3.1 os_type: flatcar hypervisor: unknown status: description: status of the Managed Client $ref: '#/components/schemas/ManagedClientStatusCode' example: NORMAL type: description: type of the Managed Client $ref: '#/components/schemas/ManagedClientType' example: CCG timestamp: description: timestamp on the Client Status update type: string format: date-time example: '2020-01-01T00:00:00.000000Z' ManagedClusterTypes: type: string description: | The Type of Cluster: * `idn` - IDN VA type * `iai` - IAI harvester VA * `spConnectCluster` - Saas 2.0 connector cluster (this should be one per org) * `sqsCluster` - This should be unused * `das-rc` - Data Access Security Resources Collector * `das-pc` - Data Access Security Permissions Collector * `das-dc` - Data Access Security Data Classification Collector * `pag` - Privilege Action Gateway VA * `das-am` - Data Access Security Activity Monitor * `standard` - Standard Cluster type for running multiple products example: idn enum: - idn - iai - spConnectCluster - sqsCluster - das-rc - das-pc - das-dc - pag - das-am - standard ManagedClusterKeyPair: description: Managed Cluster key pair for Cluster type: object title: Managed Cluster Key Pair properties: publicKey: nullable: true description: ManagedCluster publicKey type: string example: '-----BEGIN PUBLIC KEY-----******-----END PUBLIC KEY-----' publicKeyThumbprint: nullable: true description: ManagedCluster publicKeyThumbprint type: string example: 6CMlaJIV44-xJxcB3CJBjDUUn54 publicKeyCertificate: nullable: true description: ManagedCluster publicKeyCertificate type: string example: '-----BEGIN CERTIFICATE-----****-----END CERTIFICATE-----' ManagedClusterQueue: description: Managed Cluster key pair for Cluster type: object title: Managed Cluster Queue properties: name: description: ManagedCluster queue name type: string example: megapod-useast1-denali-lwt-cluster-1533 region: description: ManagedCluster queue aws region type: string example: us-east-1 ManagedClusterAttributes: description: Managed Cluster Attributes for Cluster Configuration. Supported Cluster Types [sqsCluster, spConnectCluster] type: object title: Managed Cluster Attributes properties: queue: description: ManagedCluster keystore for sqsCluster type $ref: '#/components/schemas/ManagedClusterQueue' keystore: nullable: true description: ManagedCluster keystore for spConnectCluster type type: string example: /u3+7QAAAAIAAAABAAAAAQAvL3Byb3h5LWNsdXN0ZXIvMmM5MTgwODc3Yjg3MW ManagedClusterRedis: description: Managed Cluster Redis Configuration type: object title: Managed Cluster Redis properties: redisHost: description: ManagedCluster redisHost type: string example: megapod-useast1-shared-redis.cloud.sailpoint.com redisPort: description: ManagedCluster redisPort type: integer format: int32 example: 6379 StandardLevel: description: Standard Log4j log level type: string example: INFO enum: - 'OFF' - FATAL - ERROR - WARN - INFO - DEBUG - TRACE LogLevelSpec: description: Mapping of identifiers to Standard Log Level values type: object title: Log Level Spec example: INFO additionalProperties: default: INFO example: TRACE $ref: '#/components/schemas/StandardLevel' ClientLogConfiguration: description: Client Runtime Logging Configuration nullable: true type: object title: Client Log Configuration required: - rootLevel properties: clientId: description: Log configuration's client ID type: string example: 3a38a51992e8445ab51a549c0a70ee66 durationMinutes: description: Duration in minutes for log configuration to remain in effect before resetting to defaults. type: integer format: int32 example: 120 default: 240 minimum: 5 maximum: 1440 expiration: description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time. example: '2024-11-06T01:31:08.013164Z' type: string format: date-time rootLevel: description: Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). default: INFO example: INFO $ref: '#/components/schemas/StandardLevel' logLevels: description: Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). example: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG $ref: '#/components/schemas/LogLevelSpec' ManagedClusterEncryptionConfig: type: object title: Managed Cluster Encryption Configuration description: Defines the encryption settings for a managed cluster, including the format used for storing and processing encrypted data. properties: format: type: string description: Specifies the format used for encrypted data, such as secrets. The format determines how the encrypted data is structured and processed. example: V3 enum: - V2 - V3 ManagedCluster: description: Managed Cluster type: object title: Managed Cluster required: - id - clientType - ccgVersion properties: id: description: ManagedCluster ID type: string example: e1ff7bb24c934240bbf55e1aa39e41c5 name: description: ManagedCluster name type: string example: Managed Cluster Name pod: description: ManagedCluster pod type: string example: megapod-useast1 org: description: ManagedCluster org type: string example: denali type: description: The Type of Cluster example: idn nullable: false default: idn $ref: '#/components/schemas/ManagedClusterTypes' configuration: description: ManagedProcess configuration map type: object additionalProperties: type: string nullable: true example: clusterExternalId: e1ff7bb24c934240bbf55e1aa39e41c5 clusterType: sqsCluster gmtOffset: '-5' keyPair: description: key pair for the ManagedCluster $ref: '#/components/schemas/ManagedClusterKeyPair' attributes: description: Specific Attributes for Configuring a ManagedCluster by Type $ref: '#/components/schemas/ManagedClusterAttributes' description: description: ManagedCluster description type: string default: q example: A short description of the managed cluster. redis: description: Redis configuration for the ManagedCluster $ref: '#/components/schemas/ManagedClusterRedis' clientType: description: type of client for the ManagedCluster $ref: '#/components/schemas/ManagedClientType' ccgVersion: description: CCG version used by the ManagedCluster type: string example: v01 pinnedConfig: description: boolean flag indicating whether or not the cluster configuration is pinned type: boolean default: false example: false logConfiguration: description: client log configuration for the cluster example: rootLevel: WARN logLevels: foobar: WARN $ref: '#/components/schemas/ClientLogConfiguration' operational: description: Whether or not the cluster is operational or not type: boolean default: false example: false status: description: Cluster status type: string enum: - CONFIGURING - FAILED - NO_CLIENTS - NORMAL - WARNING example: NORMAL publicKeyCertificate: nullable: true description: Public key certificate type: string example: '-----BEGIN CERTIFICATE-----TCCAb2gAwIBAgIBADANBgkqhkiG9w0BAQsFADAuMQ0wCwYDVQQD-----END CERTIFICATE-----' publicKeyThumbprint: nullable: true description: Public key thumbprint type: string example: obc6pLiulGbtZ publicKey: nullable: true description: Public key type: string example: '-----BEGIN PUBLIC KEY-----jANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3WgnsxP52MDgBTfHR+5n4-----END PUBLIC KEY-----' encryptionConfiguration: $ref: '#/components/schemas/ManagedClusterEncryptionConfig' alertKey: description: Key describing any immediate cluster alerts type: string example: LIMITED_RESOURCES clientIds: type: array description: List of clients in a cluster items: type: string example: - '1244' - '1245' serviceCount: description: Number of services bound to a cluster type: integer format: int32 default: 0 example: 6 ccId: description: CC ID only used in calling CC, will be removed without notice when Migration to CEGS is finished type: string default: '0' example: '1533' createdAt: description: The date/time this cluster was created example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time updatedAt: description: The date/time this cluster was last updated example: '2023-08-04T20:48:01.865Z' nullable: true type: string format: date-time lastReleaseNotifiedAt: description: The date/time this cluster was notified for the last release type: string format: date-time nullable: true example: '2025-03-11T07:00:13.729721Z' updatePreferences: description: The preference for applying updates for the cluster type: object properties: processGroups: description: The processGroups for updatePreferences type: string nullable: true example: processGroup1 updateState: description: The current updateState for the cluster type: string nullable: true enum: - null - AUTO - DISABLED example: DISABLED notificationEmail: description: The mail id to which new releases will be notified type: string format: email nullable: true example: test@mail.com currentInstalledReleaseVersion: description: The current installed release on the Managed cluster type: string nullable: true example: '123.1' updatePackage: description: New available updates for the Managed cluster type: string nullable: true example: 123.1.2 isOutOfDateNotifiedAt: description: The time at which out of date notification was sent for the Managed cluster type: string format: date-time nullable: true example: '2025-03-11T07:00:13.734393Z' consolidatedHealthIndicatorsStatus: description: The consolidated Health Status for the Managed cluster type: string nullable: true enum: - null - NORMAL - WARNING - ERROR example: ERROR ManagedClusterRequest: description: Request to create Managed Cluster type: object title: Managed Cluster Request required: - name properties: name: description: ManagedCluster name type: string nullable: false example: Managed Cluster Name type: description: The Type of Cluster example: idn $ref: '#/components/schemas/ManagedClusterTypes' configuration: description: ManagedProcess configuration map type: object additionalProperties: type: string example: clusterExternalId: externalId ccgVersion: 77.0.0 description: description: ManagedCluster description type: string nullable: true example: A short description of the managed cluster. ClientLogConfigurationDurationMinutes: description: Client Runtime Logging Configuration title: Set Duration Minutes nullable: true type: object required: - rootLevel properties: clientId: description: Log configuration's client ID type: string example: 3a38a51992e8445ab51a549c0a70ee66 durationMinutes: description: Duration in minutes for log configuration to remain in effect before resetting to defaults. type: integer format: int32 example: 120 default: 240 minimum: 5 maximum: 1440 rootLevel: description: Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). default: INFO example: INFO $ref: '#/components/schemas/StandardLevel' logLevels: description: Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). example: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG $ref: '#/components/schemas/LogLevelSpec' ClientLogConfigurationExpiration: description: Client Runtime Logging Configuration title: Set Expiration Date nullable: true type: object required: - rootLevel properties: clientId: description: Log configuration's client ID type: string example: 3a38a51992e8445ab51a549c0a70ee66 expiration: description: Expiration date-time of the log configuration request. Can be no greater than 24 hours from current date-time. example: '2024-11-06T01:31:08.013164Z' type: string format: date-time rootLevel: description: Root log level to apply, the default level for all logs. For more information about logging levels, refer to the "Logging Levels" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). default: INFO example: INFO $ref: '#/components/schemas/StandardLevel' logLevels: description: Map of log level by key. The keys are logging classes, and the values are logging levels. To see the available connectors and their logging classes, refer to the "Logging Classes" table in [Enabling Connector Logging in IdentityNow](https://community.sailpoint.com/t5/IdentityNow-Articles/Enabling-Connector-Logging-in-IdentityNow/ta-p/188107). example: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG $ref: '#/components/schemas/LogLevelSpec' ClusterManualUpgrade: description: Manual Upgrade Job Response nullable: false type: object title: Cluster Manual Upgrade properties: jobs: description: List of job objects for the upgrade request. type: array items: type: object required: - uuid - cookbook - state - type - targetId - managedProcessConfiguration properties: uuid: description: Unique identifier for the upgrade job. type: string example: 4732440c-dacb-45b2-b2f8-ee2fa1327a07 cookbook: description: Identifier for the cookbook used in the upgrade job. type: string example: 4732440c-dacb-45b2-b2f8-ee2fa1327a07 state: description: Current state of the upgrade job. type: string example: PENDING type: description: The type of upgrade job (e.g., VA_UPGRADE). type: string example: VA_UPGRADE targetId: description: Unique identifier of the target for the upgrade job. type: string example: 9fe8f1cc-2fd2-4675-a8cf-af4b43488ca2 managedProcessConfiguration: description: Configuration of the managed processes involved in the upgrade. type: object properties: charon: description: Configuration details for the 'charon' process. type: object required: - version - path - description - restartNeeded properties: version: description: Version of the 'charon' process. type: string example: '3047' path: description: Path to the 'charon' process. type: string example: sailpoint/charon description: description: A brief description of the 'charon' process. type: string example: version of charon used by the va restartNeeded: description: Indicates whether the process needs to be restarted. type: boolean example: true ccg: description: Configuration details for the 'ccg' process. type: object required: - version - path - description - restartNeeded - dependencies properties: version: description: Version of the 'ccg' process. type: string example: 1798_1054_241.0.0 path: description: Path to the 'ccg' process. type: string example: sailpoint/ccg description: description: A brief description of the 'ccg' process. type: string example: CCG Deployment through ops-cli restartNeeded: description: Indicates whether the process needs to be restarted. type: boolean example: true dependencies: description: A map of dependencies for the 'ccg' process. type: object additionalProperties: type: string example: IQService: 743/IQService-743.zip connector-bundle-jdbc: 432/connector-bundle-jdbc-432.zip connector-bundle-misc: 437/connector-bundle-misc-437.zip connector-bundle-unix: 242/connector-bundle-unix-242.zip connector-common-config: 208/connector-common-config-208.zip connector-bundle-filebased: 222/connector-bundle-filebased-222.zip connector-bundle-imprivata: 3/connector-bundle-imprivata-3.zip connector-bundle-mainframe: 211/connector-bundle-mainframe-211.zip connector-bundle-directories: 681/connector-bundle-directories-681.zip connector-bundle-sap-on-prem: 196/connector-bundle-sap-on-prem-196.zip connector-bundle-webservices: 1535/connector-bundle-webservices-1535.zip connector-bundle-sap-cloud-app: 175/connector-bundle-sap-cloud-app-175.zip connector-bundle-healthcare-epic: 302/connector-bundle-healthcare-epic-302.zip connector-bundle-hrms-oraclefusionhcm: 166/connector-bundle-hrms-oraclefusionhcm-166.zip connector-bundle-collaboration-connectors: 246/connector-bundle-collaboration-connectors-246.zip otel_agent: description: Configuration details for the 'otel_agent' process. type: object required: - version - path - description - restartNeeded properties: version: description: Version of the 'otel_agent' process. type: string example: '3003' path: description: Path to the 'otel_agent' process. type: string example: sailpoint/otel_agent description: description: A brief description of the 'otel_agent' process. type: string example: version of otel_agent used by the va restartNeeded: description: Indicates whether the process needs to be restarted. type: boolean example: true relay: description: Configuration details for the 'relay' process. type: object required: - version - path - description - restartNeeded properties: version: description: Version of the 'relay' process. type: string example: '3000' path: description: Path to the 'relay' process. type: string example: sailpoint/relay description: description: A brief description of the 'relay' process. type: string example: version of relay used by the va restartNeeded: description: Indicates whether the process needs to be restarted. type: boolean example: true toolbox: description: Configuration details for the 'toolbox' process. type: object required: - version - path - description - restartNeeded properties: version: description: Version of the 'toolbox' process. type: string example: '3004' path: description: Path to the 'toolbox' process. type: string example: sailpoint/toolbox description: description: A brief description of the 'toolbox' process. type: string example: version of toolbox used by the va restartNeeded: description: Indicates whether the process needs to be restarted. type: boolean example: true ManagedClusterType: description: Managed Cluster Type for Cluster upgrade configuration information type: object title: Managed Cluster Type required: - type - pod - org properties: id: description: ManagedClusterType ID readOnly: true type: string example: aClusterTypeId type: description: ManagedClusterType type name type: string example: idn pod: description: ManagedClusterType pod type: string example: megapod-useast1 org: description: ManagedClusterType org type: string example: denali-cjh managedProcessIds: type: array description: List of processes for the cluster type items: type: string example: - someId - someId2 MfaOktaConfig: type: object title: Mfa Okta Config properties: mfaMethod: type: string nullable: true description: Mfa method name example: okta-verify enabled: type: boolean description: If MFA method is enabled. default: false example: true host: type: string nullable: true description: The server host name or IP address of the MFA provider. example: example.com accessKey: type: string nullable: true description: The secret key for authenticating requests to the MFA provider. example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: type: string nullable: true description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider. example: email MfaDuoConfig: type: object title: Mfa Duo Config properties: mfaMethod: type: string nullable: true description: Mfa method name example: duo-web enabled: type: boolean description: If MFA method is enabled. default: false example: true host: type: string nullable: true description: The server host name or IP address of the MFA provider. example: example.com accessKey: type: string nullable: true description: The secret key for authenticating requests to the MFA provider. example: qw123Y3QlA5UqocYpdU3rEkzrK2D497y identityAttribute: type: string nullable: true description: Optional. The name of the attribute for mapping IdentityNow identity to the MFA provider. example: email configProperties: description: A map with additional config properties for the given MFA method - duo-web. type: object nullable: true additionalProperties: true example: skey: qwERttyZx1CdlQye2Vwtbsjr3HKddy4BAiCXjc5x ikey: Q123WE45R6TY7890ZXCV KbaQuestion: description: KBA Configuration type: object title: Kba Question properties: id: type: string nullable: false description: KBA Question Id example: 143cfd3b-c23f-426b-ae5f-d3db06fa5919 text: type: string nullable: false description: KBA Question description example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]' hasAnswer: type: boolean nullable: false description: Denotes whether the KBA question has an answer configured for any user in the tenant example: true numAnswers: type: integer format: int32 nullable: false description: Denotes the number of KBA configurations for this question example: 5 required: - id - text - hasAnswer - numAnswers KbaAnswerRequestItem: type: object title: Kba Answer Request Item properties: id: type: string nullable: false description: Question Id example: c54fee53-2d63-4fc5-9259-3e93b9994135 answer: type: string nullable: false description: An answer for the KBA question example: Your answer required: - id - answer KbaAnswerResponseItem: type: object title: Kba Answer Response Item properties: id: type: string nullable: false description: Question Id example: c54fee53-2d63-4fc5-9259-3e93b9994135 question: type: string nullable: false description: Question description example: '[{"text":"Nouvelle question MFA -1 ?","locale":"fr"},{"text":"MFA new question -1 ?","locale":""}]' hasAnswer: type: boolean nullable: false description: Denotes whether the KBA question has an answer configured for the current user example: true required: - id - question - hasAnswer MfaConfigTestResponse: description: Response model for configuration test of a given MFA method type: object title: Mfa Config Test Response properties: state: type: string enum: - SUCCESS - FAILED description: The configuration test result. example: SUCCESS readOnly: true error: type: string example: MFA Method is disabled. description: The error message to indicate the failure of configuration test. readOnly: true ManagerCorrelationMapping: type: object title: Manager Correlation Mapping properties: accountAttributeName: type: string description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. example: manager identityAttributeName: type: string description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. example: manager SourceFeature: type: array items: type: string enum: - AUTHENTICATE - COMPOSITE - DIRECT_PERMISSIONS - DISCOVER_SCHEMA - ENABLE - MANAGER_LOOKUP - NO_RANDOM_ACCESS - PROXY - SEARCH - TEMPLATE - UNLOCK - UNSTRUCTURED_TARGETS - SHAREPOINT_TARGET - PROVISIONING - GROUP_PROVISIONING - SYNC_PROVISIONING - PASSWORD - CURRENT_PASSWORD - ACCOUNT_ONLY_REQUEST - ADDITIONAL_ACCOUNT_REQUEST - NO_AGGREGATION - GROUPS_HAVE_MEMBERS - NO_PERMISSIONS_PROVISIONING - NO_GROUP_PERMISSIONS_PROVISIONING - NO_UNSTRUCTURED_TARGETS_PROVISIONING - NO_DIRECT_PERMISSIONS_PROVISIONING - PREFER_UUID - ARM_SECURITY_EXTRACT - ARM_UTILIZATION_EXTRACT - ARM_CHANGELOG_EXTRACT - USES_UUID - APPLICATION_DISCOVERY - DELETE example: AUTHENTICATE description: |- Optional features that can be supported by a source. Modifying the features array may cause source configuration errors that are unsupportable. It is recommended to not modify this array for SailPoint supported connectors. * AUTHENTICATE: The source supports pass-through authentication. * COMPOSITE: The source supports composite source creation. * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. * ENABLE The source supports reading if an account is enabled or disabled. * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. * SEARCH * TEMPLATE * UNLOCK: The source supports reading if an account is locked or unlocked. * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. * SYNC_PROVISIONING: The source can provision accounts synchronously. * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. * CURRENT_PASSWORD: Some source types support verification of the current password * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. * NO_AGGREGATION: A source that does not support aggregation. * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. * USES_UUID: Connectivity 2.0 flag used to indicate that the connector supports a compound naming structure. * PREFER_UUID: Used in ISC Provisioning AND Aggregation to decide if it should prefer account.uuid to account.nativeIdentity when data is read in through aggregation OR pushed out through provisioning. * ARM_SECURITY_EXTRACT: Indicates the application supports Security extracts for ARM * ARM_UTILIZATION_EXTRACT: Indicates the application supports Utilization extracts for ARM * ARM_CHANGELOG_EXTRACT: Indicates the application supports Change-log extracts for ARM example: - PROVISIONING - NO_PERMISSIONS_PROVISIONING - GROUPS_HAVE_MEMBERS MultiHostIntegrations: type: object title: Multi Host Integrations properties: id: type: string readOnly: true description: Multi-Host Integration ID. example: 2c91808568c529c60168cca6f90c1324 name: type: string description: Multi-Host Integration's human-readable name. example: My Multi-Host Integration description: type: string description: Multi-Host Integration's human-readable description. example: This is a Multi-Host Integration. owner: description: Reference to identity object who owns the source. type: object properties: type: description: Type of object being referenced. type: string enum: - IDENTITY example: IDENTITY id: type: string description: Owner identity's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Owner identity's human-readable display name. example: MyName cluster: description: Reference to the source's associated cluster. type: object nullable: true required: - name - id - type properties: type: description: Type of object being referenced. type: string enum: - CLUSTER example: CLUSTER id: type: string description: Cluster ID. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: Cluster's human-readable display name. example: Corporate Cluster accountCorrelationConfig: description: Reference to account correlation config object. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - ACCOUNT_CORRELATION_CONFIG example: ACCOUNT_CORRELATION_CONFIG id: type: string description: Account correlation config ID. example: 2c9180855d191c59015d28583727245a name: type: string description: Account correlation config's human-readable display name. example: Directory [source-62867] Account Correlation accountCorrelationRule: description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule managerCorrelationMapping: allOf: - $ref: '#/components/schemas/ManagerCorrelationMapping' - nullable: true description: | Filter object used during manager correlation to match incoming manager values to an existing manager's account/identity. managerCorrelationRule: description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule beforeProvisioningRule: description: Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule schemas: type: array items: type: object properties: type: description: Type of object being referenced. type: string enum: - CONNECTOR_SCHEMA example: CONNECTOR_SCHEMA id: type: string description: Schema ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Schema's human-readable display name. example: MySchema description: List of references to schema objects. example: - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232a name: account - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232b name: group passwordPolicies: type: array nullable: true items: type: object properties: type: description: Type of object being referenced. type: string enum: - PASSWORD_POLICY example: PASSWORD_POLICY id: type: string description: Policy ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Policy's human-readable display name. example: My Password Policy description: List of references to the associated PasswordPolicy objects. example: - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb053980 name: Corporate Password Policy - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb057777 name: Vendor Password Policy features: $ref: '#/components/schemas/SourceFeature' type: type: string description: 'Specifies the type of system being managed e.g. Workday, Multi-Host - Microsoft SQL Server, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. ' example: Multi-Host - Microsoft SQL Server connector: type: string description: Connector script name. example: multihost-microsoft-sql-server connectorClass: type: string description: Fully qualified name of the Java class that implements the connector interface. example: sailpoint.connector.OpenConnectorAdapter connectorAttributes: type: object additionalProperties: type: string description: Connector specific configuration. This configuration will differ for Multi-Host Integration type. properties: maxAllowedSources: type: integer format: int32 description: Maximum sources allowed count of a Multi-Host Integration example: 250 lastSourceUploadCount: type: integer format: int32 description: Last upload sources count of a Multi-Host Integration example: 40 connectorFileUploadHistory: type: object properties: connectorFileNameUploadedDate: description: File name of the connector JAR type: string example: '2024-08-29T10:20:38.896479Z' multihost_status: type: string enum: - ready - processing - fileUploadInProgress - sourceCreationInProgress - aggregationGroupingInProgress - aggregationScheduleInProgress - deleteInProgress - deleteFailed description: Multi-Host integration status. example: ready showAccountSchema: description: Show account schema type: boolean example: true default: true showEntitlementSchema: description: Show entitlement schema type: boolean example: true default: true multiHostAttributes: type: object description: Attributes of Multi-Host Integration properties: password: description: Password. type: string example: Password connector_files: type: string description: Connector file. example: mssql-jdbc-8.4.1.jre8.jar authType: type: string description: Authentication type. example: SQLAuthentication user: type: string description: Username. example: My Username example: multiHostAttributes: password: Password user: Username connector_files: mssql-jdbc-8.4.1.jre8.jar authType: SQLAuthentication connectorFileUploadHistory: connectorFileNameUploadedDate: '2024-08-29T10:20:38.896479Z' maxAllowedSources: 30 lastSourceUploadCount: 50 showEntitlementSchema: true showAccountSchema: true multihost_status: ready deleteThreshold: type: integer format: int32 minimum: 0 maximum: 100 description: Number from 0 to 100 that specifies when to skip the delete phase. example: 10 authoritative: type: boolean description: When this is true, it indicates that the source is referenced by an identity profile. default: false example: false managementWorkgroup: description: Reference to management workgroup for the source. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - GOVERNANCE_GROUP example: GOVERNANCE_GROUP id: type: string description: Management workgroup ID. example: 2c91808568c529c60168cca6f90c2222 name: type: string description: Management workgroup's human-readable display name. example: My Management Workgroup healthy: type: boolean description: When this is true, it indicates that the source is healthy. default: false example: true status: type: string enum: - SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT - SOURCE_STATE_ERROR_CLUSTER - SOURCE_STATE_ERROR_SOURCE - SOURCE_STATE_ERROR_VA - SOURCE_STATE_FAILURE_CLUSTER - SOURCE_STATE_FAILURE_SOURCE - SOURCE_STATE_HEALTHY - SOURCE_STATE_UNCHECKED_CLUSTER - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES - SOURCE_STATE_UNCHECKED_SOURCE - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS description: 'Status identifier that gives specific information about why a source is or isn''t healthy. ' example: SOURCE_STATE_HEALTHY since: type: string format: date-time description: Timestamp that shows when a source health check was last performed. example: '2021-09-28T15:48:29.3801666300Z' connectorId: type: string description: Connector ID example: multihost-microsoft-sql-server connectorName: type: string description: Name of the connector that was chosen during source creation. example: Multi-Host Microsoft SQL Server connectionType: type: string enum: - direct - file description: Type of connection (direct or file). example: direct connectorImplementationId: type: string description: Connector implementation ID. example: multihost-microsoft-sql-server created: type: string description: Date-time when the source was created format: date-time example: '2022-02-08T14:50:03.827Z' modified: type: string description: Date-time when the source was last modified. format: date-time example: '2024-01-23T18:08:50.897Z' credentialProviderEnabled: type: boolean description: If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials. default: false example: false category: type: string nullable: true default: null description: Source category (e.g. null, CredentialProvider). example: CredentialProvider accountsFile: description: Reference to accounts file for the source. type: object nullable: true properties: name: description: Name of the accounts file. type: string example: My Accounts File key: type: string description: The accounts file key. example: 2c91808568c529c60168cca6f90c2222 uploadTime: type: string description: Date-time when the file was uploaded format: date-time example: '2022-02-08T14:50:03.827Z' expiry: type: string description: Date-time when the accounts file expired. format: date-time example: '2022-02-08T14:50:03.827Z' expired: type: boolean default: false description: If this is true, it indicates that the accounts file has expired. example: false required: - name - owner - connector - description - id MultiHostIntegrationsCreate: type: object title: Multi Host Integrations Create properties: name: type: string description: Multi-Host Integration's human-readable name. example: My Multi-Host Integration description: type: string description: Multi-Host Integration's human-readable description. example: This is the Multi-Host Integration. owner: description: Reference to identity object who owns the source. type: object properties: type: description: Type of object being referenced. type: string enum: - IDENTITY example: IDENTITY id: type: string description: Owner identity's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Owner identity's human-readable display name. example: MyName cluster: description: Reference to the source's associated cluster. type: object nullable: true required: - name - id - type properties: type: description: Type of object being referenced. type: string enum: - CLUSTER example: CLUSTER id: type: string description: Cluster ID. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: Cluster's human-readable display name. example: Corporate Cluster connector: type: string description: Connector script name. example: multihost-microsoft-sql-server connectorAttributes: type: object additionalProperties: true description: Multi-Host Integration specific configuration. User can add any number of additional attributes. e.g. maxSourcesPerAggGroup, maxAllowedSources etc. example: maxSourcesPerAggGroup: 10 maxAllowedSources: 300 managementWorkgroup: description: Reference to management workgroup for the source. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - GOVERNANCE_GROUP example: GOVERNANCE_GROUP id: type: string description: Management workgroup ID. example: 2c91808568c529c60168cca6f90c2222 name: type: string description: Management workgroup's human-readable display name. example: My Management Workgroup created: type: string description: Date-time when the source was created format: date-time example: '2022-02-08T14:50:03.827Z' modified: type: string description: Date-time when the source was last modified. format: date-time example: '2024-01-23T18:08:50.897Z' required: - name - owner - connector - description MultiHostIntegrationTemplateType: description: This represents a Multi-Host Integration template type. required: - type - scriptName type: object title: Multi Host Integration Template Type properties: name: description: This is the name of the type. example: aName type: string type: description: This is the type value for the type. example: aType type: string scriptName: description: This is the scriptName attribute value for the type. example: aScriptName type: string MultiHostIntegrationsCreateSources: description: This represents sources to be created of same type. required: - name type: object title: Multi Host Integrations Create Sources properties: name: type: string description: Source's human-readable name. example: My Source description: type: string description: Source's human-readable description. example: This is the corporate directory. connectorAttributes: type: object additionalProperties: true description: Connector specific configuration. This configuration will differ from type to type. example: authType: SQLAuthentication url: jdbc:sqlserver://178.18.41.118:1433 user: username driverClass: com.microsoft.sqlserver.jdbc.SQLServerDriver maxSourcesPerAggGroup: 10 maxAllowedSources: 300 MultiHostSources: type: object title: Multi Host Sources properties: id: type: string readOnly: true description: Source ID. example: 2c91808568c529c60168cca6f90c1324 name: type: string description: Source's human-readable name. example: My Source description: type: string description: Source's human-readable description. example: This is the Source. owner: description: Reference to identity object who owns the source. type: object properties: type: description: Type of object being referenced. type: string enum: - IDENTITY example: IDENTITY id: type: string description: Owner identity's ID. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Owner identity's human-readable display name. example: MyName cluster: description: Reference to the source's associated cluster. type: object nullable: true required: - name - id - type properties: type: description: Type of object being referenced. type: string enum: - CLUSTER example: CLUSTER id: type: string description: Cluster ID. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: Cluster's human-readable display name. example: Corporate Cluster accountCorrelationConfig: description: Reference to account correlation config object. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - ACCOUNT_CORRELATION_CONFIG example: ACCOUNT_CORRELATION_CONFIG id: type: string description: Account correlation config ID. example: 2c9180855d191c59015d28583727245a name: type: string description: Account correlation config's human-readable display name. example: Directory [source-62867] Account Correlation accountCorrelationRule: description: Reference to a rule that can do COMPLEX correlation. Only use this rule when you can't use accountCorrelationConfig. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule managerCorrelationMapping: $ref: '#/components/schemas/ManagerCorrelationMapping' managerCorrelationRule: description: Reference to the ManagerCorrelationRule. Only use this rule when a simple filter isn't sufficient. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule beforeProvisioningRule: description: 'Rule that runs on the CCG and allows for customization of provisioning plans before the API calls the connector. ' type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - RULE example: RULE id: type: string description: Rule ID. example: 2c918085708c274401708c2a8a760001 name: type: string description: Rule's human-readable display name. example: Example Rule schemas: type: array items: type: object properties: type: description: Type of object being referenced. type: string enum: - CONNECTOR_SCHEMA example: CONNECTOR_SCHEMA id: type: string description: Schema ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Schema's human-readable display name. example: MySchema description: List of references to schema objects. example: - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232a name: account - type: CONNECTOR_SCHEMA id: 2c9180835d191a86015d28455b4b232b name: group passwordPolicies: type: array nullable: true items: type: object properties: type: description: Type of object being referenced. type: string enum: - PASSWORD_POLICY example: PASSWORD_POLICY id: type: string description: Policy ID. example: 2c91808568c529c60168cca6f90c1777 name: type: string description: Policy's human-readable display name. example: My Password Policy description: List of references to the associated PasswordPolicy objects. example: - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb053980 name: Corporate Password Policy - type: PASSWORD_POLICY id: 2c9180855d191c59015d291ceb057777 name: Vendor Password Policy features: $ref: '#/components/schemas/SourceFeature' type: type: string description: 'Specifies the type of system being managed e.g. Multi-Host - Microsoft SQL Server, Workday, etc.. If you are creating a delimited file source, you must set the `provisionasCsv` query parameter to `true`. ' example: Multi-Host - Microsoft SQL Server connector: type: string description: Connector script name. example: multihost-microsoft-sql-server connectorClass: type: string description: Fully qualified name of the Java class that implements the connector interface. example: sailpoint.connector.OpenConnectorAdapter connectorAttributes: type: object additionalProperties: true description: Connector specific configuration. This configuration will differ from type to type. example: healthCheckTimeout: 30 authSearchAttributes: - cn - uid - mail deleteThreshold: type: integer format: int32 minimum: 0 maximum: 100 description: Number from 0 to 100 that specifies when to skip the delete phase. example: 10 authoritative: type: boolean description: When this is true, it indicates that the source is referenced by an identity profile. default: false example: false managementWorkgroup: description: Reference to management workgroup for the source. type: object nullable: true properties: type: description: Type of object being referenced. type: string enum: - GOVERNANCE_GROUP example: GOVERNANCE_GROUP id: type: string description: Management workgroup ID. example: 2c91808568c529c60168cca6f90c2222 name: type: string description: Management workgroup's human-readable display name. example: My Management Workgroup healthy: type: boolean description: When this is true, it indicates that the source is healthy. default: false example: true status: type: string enum: - SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT - SOURCE_STATE_ERROR_CLUSTER - SOURCE_STATE_ERROR_SOURCE - SOURCE_STATE_ERROR_VA - SOURCE_STATE_FAILURE_CLUSTER - SOURCE_STATE_FAILURE_SOURCE - SOURCE_STATE_HEALTHY - SOURCE_STATE_UNCHECKED_CLUSTER - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES - SOURCE_STATE_UNCHECKED_SOURCE - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS description: 'Status identifier that gives specific information about why a source is or isn''t healthy. ' example: SOURCE_STATE_HEALTHY since: type: string format: date-time description: Timestamp that shows when a source health check was last performed. example: '2021-09-28T15:48:29.3801666300Z' connectorId: type: string description: Connector ID example: multihost-microsoft-sql-server connectorName: type: string description: Name of the connector that was chosen during source creation. example: Multi-Host Microsoft SQL Server connectionType: type: string description: Type of connection (direct or file). example: file connectorImplementationId: type: string description: Connector implementation ID. example: multihost-microsoft-sql-server created: type: string description: Date-time when the source was created format: date-time example: '2022-02-08T14:50:03.827Z' modified: type: string description: Date-time when the source was last modified. format: date-time example: '2024-01-23T18:08:50.897Z' credentialProviderEnabled: type: boolean description: If this is true, it enables a credential provider for the source. If credentialProvider is turned on, then the source can use credential provider(s) to fetch credentials. default: false example: false category: type: string nullable: true default: null description: Source category (e.g. null, CredentialProvider). example: CredentialProvider required: - name - owner - connector - id - connectorName SourceCreationErrors: type: object title: Source Creation Errors properties: multihostId: type: string readOnly: true description: Multi-Host Integration ID. example: 2c91808568c529c60168cca6f90c1324 source_name: type: string description: Source's human-readable name. example: My Source source_error: type: string description: Source's human-readable description. example: Source with internal name "My Source [source]" already exists. created: type: string description: Date-time when the source was created format: date-time example: '2022-02-08T14:50:03.827Z' modified: type: string description: Date-time when the source was last modified. format: date-time example: '2024-01-23T18:08:50.897Z' operation: type: string nullable: true default: null description: operation category (e.g. DELETE). example: DELETE MultiHostIntegrationsAggScheduleUpdate: allOf: - type: object description: Multi-Host Integration's aggregation schedule specification. required: - multihostId - aggregation_grp_id - aggregation_grp_name - aggregation_cron_schedule - enableSchedule - source_id_list properties: multihostId: description: Multi-Host Integration ID. The ID must be unique type: string example: 004091cb79b04636b88662afa50a4456 aggregation_grp_id: description: Multi-Host Integration aggregation group ID type: string example: 004091cb79b04636b88662afa50a4448 aggregation_grp_name: description: Multi-Host Integration name type: string example: Multi-Host Integration aggregation group name aggregation_cron_schedule: description: Cron expression to schedule aggregation type: string example: 0 0 0 * * ? enableSchedule: description: |- Boolean value for Multi-Host Integration aggregation schedule. This specifies if scheduled aggregation is enabled or disabled. type: boolean default: false example: false source_id_list: description: Source IDs of the Multi-Host Integration type: array items: type: string example: - 004091cb79b04636b88662afa50a4440 - 00af6d0d562a49b591c47be908740542 created: description: Created date of Multi-Host Integration aggregation schedule type: string format: date-time example: '2024-01-23T18:08:50.897Z' modified: description: Modified date of Multi-Host Integration aggregation schedule type: string format: date-time example: '2024-01-23T18:08:50.897Z' NonEmployeeRecord: type: object properties: id: type: string format: UUID description: Non-Employee record id. example: ef38f94347e94562b5bb8424a56397d8 accountName: type: string description: Requested identity account name. example: Abby.Smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe sourceId: type: string description: Non-Employee's source id. example: 2c91808568c529c60168cca6f90c1313 data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing startDate: type: string format: date-time description: Non-Employee employment start date. example: '2019-08-23T18:52:59.162Z' endDate: type: string format: date-time description: Non-Employee employment end date. example: '2020-08-23T18:52:59.162Z' modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' NonEmployeeRequestBody: type: object properties: accountName: type: string description: Requested identity account name. example: william.smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe sourceId: type: string description: Non-Employee's source id. example: 2c91808568c529c60168cca6f90c1313 data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing startDate: type: string format: date-time description: Non-Employee employment start date. example: '2020-03-24T00:00:00-05:00' endDate: type: string format: date-time description: Non-Employee employment end date. example: '2021-03-25T00:00:00-05:00' required: - accountName - firstName - lastName - email - phone - manager - sourceId - startDate - endDate NonEmployeeSourceLite: type: object properties: id: type: string format: UUID description: Non-Employee source id. example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 sourceId: type: string description: Source Id associated with this non-employee source. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Source name associated with this non-employee source. example: Retail description: type: string description: Source description associated with this non-employee source. example: Source description NonEmployeeIdentityDtoType: type: string enum: - GOVERNANCE_GROUP - IDENTITY example: IDENTITY description: Identifies if the identity is a normal identity or a governance group NonEmployeeIdentityReferenceWithId: type: object properties: type: $ref: '#/components/schemas/NonEmployeeIdentityDtoType' id: type: string description: Identity id example: 5168015d32f890ca15812c9180835d2e ApprovalStatus: type: string enum: - APPROVED - REJECTED - PENDING - NOT_READY - CANCELLED description: Enum representing the non-employee request approval status example: APPROVED NonEmployeeApprovalItemBase: type: object properties: id: type: string format: UUID description: Non-Employee approval item id example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c approver: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' description: Reference to the associated Identity accountName: type: string description: Requested identity account name example: test.account approvalStatus: $ref: '#/components/schemas/ApprovalStatus' approvalOrder: type: number description: Approval order example: 1 format: float comment: type: string description: comment of approver example: I approve modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' NonEmployeeRequest: allOf: - $ref: '#/components/schemas/NonEmployeeSourceLite' - type: object properties: accountName: type: string description: Requested identity account name. example: william.smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe nonEmployeeSource: $ref: '#/components/schemas/NonEmployeeSourceLite' data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing approvalItems: description: List of approval item for the request type: array items: $ref: '#/components/schemas/NonEmployeeApprovalItemBase' approvalStatus: $ref: '#/components/schemas/ApprovalStatus' comment: type: string description: Comment of requester example: approved completionDate: type: string format: date-time description: When the request was completely approved. example: '2020-03-24T11:11:41.139-05:00' startDate: type: string format: date-time description: Non-Employee employment start date. example: '2020-03-24T00:00:00-05:00' endDate: type: string format: date-time description: Non-Employee employment end date. example: '2021-03-25T00:00:00-05:00' modified: type: string format: date-time description: When the request was last modified. example: '2020-03-24T11:11:41.139-05:00' created: type: string format: date-time description: When the request was created. example: '2020-03-24T11:11:41.139-05:00' NonEmployeeRequestSummary: type: object properties: approved: type: integer description: The number of approved non-employee requests on all sources that *requested-for* user manages. example: 2 format: int32 rejected: type: integer description: The number of rejected non-employee requests on all sources that *requested-for* user manages. example: 2 format: int32 pending: type: integer description: The number of pending non-employee requests on all sources that *requested-for* user manages. example: 2 format: int32 nonEmployeeCount: type: integer description: The number of non-employee records on all sources that *requested-for* user manages. example: 2 format: int32 NonEmployeeSource: allOf: - $ref: '#/components/schemas/NonEmployeeSourceLite' - type: object properties: approvers: description: List of approvers type: array items: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' accountManagers: description: List of account managers type: array items: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' modified: type: string format: date-time description: When the request was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the request was created. example: '2019-08-23T18:40:35.772Z' NonEmployeeSourceWithNECount: allOf: - $ref: '#/components/schemas/NonEmployeeSource' - type: object properties: nonEmployeeCount: type: integer description: Number of non-employee records associated with this source. This value is 'NULL' by default. To get the non-employee count, you must set the `non-employee-count` flag in your request to 'true'. format: int32 example: 120 nullable: true NonEmployeeIdnUserRequest: type: object properties: id: type: string format: UUID description: Identity id. example: 2c91808570313110017040b06f344ec9 required: - id NonEmployeeSourceRequestBody: type: object properties: name: type: string description: Name of non-employee source. example: Retail description: type: string description: Description of non-employee source. example: Source description owner: description: Owner of non-employee source. $ref: '#/components/schemas/NonEmployeeIdnUserRequest' managementWorkgroup: type: string description: The ID for the management workgroup that contains source sub-admins example: '123299' approvers: description: List of approvers. type: array items: $ref: '#/components/schemas/NonEmployeeIdnUserRequest' maxItems: 3 accountManagers: description: List of account managers. type: array items: $ref: '#/components/schemas/NonEmployeeIdnUserRequest' maxItems: 10 required: - owner - name - description NonEmployeeSourceWithCloudExternalId: allOf: - $ref: '#/components/schemas/NonEmployeeSource' - type: object properties: cloudExternalId: type: string description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present. example: '99999' NonEmployeeBulkUploadJob: type: object properties: id: type: string description: The bulk upload job's ID. (UUID) example: 2c91808568c529c60168cca6f90cffff sourceId: type: string description: The ID of the source to bulk-upload non-employees to. (UUID) example: 2c91808568c529c60168cca6f90c1313 created: type: string format: date-time description: The date-time the job was submitted. example: '2019-08-23T18:52:59.162Z' modified: type: string format: date-time description: The date-time that the job was last updated. example: '2019-08-23T18:52:59.162Z' status: type: string enum: - PENDING - IN_PROGRESS - COMPLETED - ERROR description: | Returns the following values indicating the progress or result of the bulk upload job. "PENDING" means the job is queued and waiting to be processed. "IN_PROGRESS" means the job is currently being processed. "COMPLETED" means the job has been completed without any errors. "ERROR" means the job failed to process with errors. example: PENDING NonEmployeeBulkUploadStatus: type: object properties: status: type: string enum: - PENDING - IN_PROGRESS - COMPLETED - ERROR description: | Returns the following values indicating the progress or result of the bulk upload job. "PENDING" means the job is queued and waiting to be processed. "IN_PROGRESS" means the job is currently being processed. "COMPLETED" means the job has been completed without any errors. "ERROR" means the job failed to process with errors. null means job has been submitted to the source. example: PENDING NonEmployeeRequestLite: type: object properties: id: type: string format: UUID description: Non-Employee request id. example: ac110005-7156-1150-8171-5b292e3e0084 requester: $ref: '#/components/schemas/NonEmployeeIdentityReferenceWithId' example: type: IDENTITY id: 2c9180866166b5b0016167c32ef31a66 name: William Smith NonEmployeeApprovalItem: allOf: - $ref: '#/components/schemas/NonEmployeeApprovalItemBase' - type: object properties: nonEmployeeRequest: $ref: '#/components/schemas/NonEmployeeRequestLite' NonEmployeeSchemaAttributeType: type: string enum: - TEXT - DATE - IDENTITY description: Enum representing the type of data a schema attribute accepts. example: TEXT NonEmployeeSchemaAttribute: type: object properties: id: type: string format: UUID example: ac110005-7156-1150-8171-5b292e3e0084 description: Schema Attribute Id system: type: boolean description: True if this schema attribute is mandatory on all non-employees sources. example: true default: false modified: type: string format: date-time description: When the schema attribute was last modified. example: '2019-08-23T18:52:59.162Z' created: type: string format: date-time description: When the schema attribute was created. example: '2019-08-23T18:40:35.772Z' type: $ref: '#/components/schemas/NonEmployeeSchemaAttributeType' label: type: string description: Label displayed on the UI for this schema attribute. example: Account Name technicalName: type: string description: The technical name of the attribute. Must be unique per source. example: account.name helpText: type: string description: help text displayed by UI. example: The unique identifier for the account placeholder: type: string description: Hint text that fills UI box. example: Enter a unique user name for this account. required: type: boolean description: If true, the schema attribute is required for all non-employees in the source example: true default: false required: - type - technicalName - label NonEmployeeSourceLiteWithSchemaAttributes: allOf: - $ref: '#/components/schemas/NonEmployeeSourceLite' - type: object properties: schemaAttributes: description: List of schema attributes associated with this non-employee source. type: array items: $ref: '#/components/schemas/NonEmployeeSchemaAttribute' NonEmployeeRequestWithoutApprovalItem: allOf: - $ref: '#/components/schemas/NonEmployeeRequestLite' - type: object properties: accountName: type: string description: Requested identity account name. example: william.smith firstName: type: string description: Non-Employee's first name. example: William lastName: type: string description: Non-Employee's last name. example: Smith email: type: string description: Non-Employee's email. example: william.smith@example.com phone: type: string description: Non-Employee's phone. example: '5125555555' manager: type: string description: The account ID of a valid identity to serve as this non-employee's manager. example: jane.doe nonEmployeeSource: $ref: '#/components/schemas/NonEmployeeSourceLiteWithSchemaAttributes' data: type: object additionalProperties: type: string description: Additional attributes for a non-employee. Up to 10 custom attributes can be added. example: description: Auditing approvalStatus: $ref: '#/components/schemas/ApprovalStatus' comment: type: string description: Comment of requester example: approved completionDate: type: string format: date-time description: When the request was completely approved. example: '2020-03-24T11:11:41.139-05:00' startDate: type: string format: date description: Non-Employee employment start date. example: '2020-03-24' endDate: type: string format: date description: Non-Employee employment end date. example: '2021-03-25' modified: type: string format: date-time description: When the request was last modified. example: '2020-03-24T11:11:41.139-05:00' created: type: string format: date-time description: When the request was created. example: '2020-03-24T11:11:41.139-05:00' NonEmployeeApprovalItemDetail: allOf: - $ref: '#/components/schemas/NonEmployeeApprovalItemBase' - type: object properties: nonEmployeeRequest: $ref: '#/components/schemas/NonEmployeeRequestWithoutApprovalItem' description: Non-Employee request associated to this approval NonEmployeeApprovalDecision: type: object properties: comment: type: string description: Comment on the approval item. maxLength: 4000 example: Approved by manager NonEmployeeRejectApprovalDecision: type: object properties: comment: type: string description: Comment on the approval item. maxLength: 4000 example: approved required: - comment NonEmployeeApprovalSummary: type: object properties: approved: type: integer description: The number of approved non-employee approval requests. format: int32 example: 2 pending: type: integer description: The number of pending non-employee approval requests. format: int32 example: 2 rejected: type: integer description: The number of rejected non-employee approval requests. format: int32 example: 2 NonEmployeeSchemaAttributeBody: type: object properties: type: type: string description: Type of the attribute. Only type 'TEXT' is supported for custom attributes. example: TEXT label: type: string description: Label displayed on the UI for this schema attribute. example: Account Name technicalName: type: string description: The technical name of the attribute. Must be unique per source. example: account.name helpText: type: string description: help text displayed by UI. example: The unique identifier for the account placeholder: type: string description: Hint text that fills UI box. example: Enter a unique user name for this account. required: type: boolean description: If true, the schema attribute is required for all non-employees in the source example: true required: - type - technicalName - label GrantType: description: OAuth2 Grant Type type: string example: CLIENT_CREDENTIALS enum: - CLIENT_CREDENTIALS - AUTHORIZATION_CODE - REFRESH_TOKEN AccessType: type: string enum: - ONLINE - OFFLINE description: Access type of API Client indicating online or offline use example: OFFLINE ClientType: type: string enum: - CONFIDENTIAL - PUBLIC description: Type of an API Client indicating public or confidentials use example: CONFIDENTIAL GetOAuthClientResponse: type: object title: Get O Auth Client Response properties: id: type: string description: ID of the OAuth client example: 2c9180835d2e5168015d32f890ca1581 businessName: type: string nullable: true description: The name of the business the API Client should belong to example: Acme-Solar homepageUrl: type: string nullable: true description: The homepage URL associated with the owner of the API Client example: http://localhost:12345 name: type: string description: A human-readable name for the API Client example: Demo API Client description: type: string nullable: true description: A description of the API Client example: An API client used for the authorization_code, refresh_token, and client_credentials flows accessTokenValiditySeconds: type: integer format: int32 description: The number of seconds an access token generated for this API Client is valid for example: 750 refreshTokenValiditySeconds: type: integer format: int32 description: The number of seconds a refresh token generated for this API Client is valid for example: 86400 redirectUris: type: array nullable: true items: type: string description: A list of the approved redirect URIs used with the authorization_code flow example: - http://localhost:12345 grantTypes: type: array items: $ref: '#/components/schemas/GrantType' description: A list of OAuth 2.0 grant types this API Client can be used with example: - AUTHORIZATION_CODE - CLIENT_CREDENTIALS - REFRESH_TOKEN accessType: $ref: '#/components/schemas/AccessType' description: The access type (online or offline) of this API Client example: OFFLINE type: $ref: '#/components/schemas/ClientType' description: The type of the API Client (public or confidential) example: CONFIDENTIAL internal: type: boolean description: An indicator of whether the API Client can be used for requests internal to IDN example: false enabled: type: boolean description: An indicator of whether the API Client is enabled for use example: true strongAuthSupported: type: boolean description: An indicator of whether the API Client supports strong authentication example: false claimsSupported: type: boolean description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow example: false created: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was created example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was last updated example: '2018-06-25T20:22:28.104Z' secret: type: string nullable: true metadata: type: string nullable: true lastUsed: type: string nullable: true format: date-time description: The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed. example: '2017-07-11T18:45:37.098Z' scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the API Client. example: - demo:api-client-scope:first - demo:api-client-scope:second required: - id - businessName - homepageUrl - name - description - accessTokenValiditySeconds - refreshTokenValiditySeconds - redirectUris - grantTypes - accessType - type - internal - enabled - strongAuthSupported - claimsSupported - created - modified - scope CreateOAuthClientRequest: type: object title: Create O Auth Client Request properties: businessName: type: string nullable: true description: The name of the business the API Client should belong to example: Acme-Solar homepageUrl: type: string nullable: true description: The homepage URL associated with the owner of the API Client example: http://localhost:12345 name: type: string nullable: true description: A human-readable name for the API Client example: Demo API Client description: type: string nullable: true description: A description of the API Client example: An API client used for the authorization_code, refresh_token, and client_credentials flows accessTokenValiditySeconds: description: The number of seconds an access token generated for this API Client is valid for type: integer format: int32 example: 750 refreshTokenValiditySeconds: description: The number of seconds a refresh token generated for this API Client is valid for example: 86400 type: integer format: int32 redirectUris: type: array nullable: true items: type: string description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client. example: - http://localhost:12345 grantTypes: type: array nullable: true items: $ref: '#/components/schemas/GrantType' description: A list of OAuth 2.0 grant types this API Client can be used with example: - AUTHORIZATION_CODE - CLIENT_CREDENTIALS - REFRESH_TOKEN accessType: $ref: '#/components/schemas/AccessType' description: The access type (online or offline) of this API Client example: OFFLINE type: $ref: '#/components/schemas/ClientType' description: The type of the API Client (public or confidential) example: CONFIDENTIAL internal: type: boolean description: An indicator of whether the API Client can be used for requests internal within the product. example: false enabled: type: boolean description: An indicator of whether the API Client is enabled for use example: true strongAuthSupported: type: boolean description: An indicator of whether the API Client supports strong authentication example: false claimsSupported: type: boolean description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow example: false scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it. example: - demo:api-client-scope:first - demo:api-client-scope:second required: - name - description - accessTokenValiditySeconds - grantTypes - accessType - enabled CreateOAuthClientResponse: type: object title: Create O Auth Client Response properties: id: type: string description: ID of the OAuth client example: 2c9180835d2e5168015d32f890ca1581 secret: type: string description: Secret of the OAuth client (This field is only returned on the intial create call.) example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3 businessName: type: string description: The name of the business the API Client should belong to example: Acme-Solar homepageUrl: type: string description: The homepage URL associated with the owner of the API Client example: http://localhost:12345 name: type: string description: A human-readable name for the API Client example: Demo API Client description: type: string description: A description of the API Client example: An API client used for the authorization_code, refresh_token, and client_credentials flows accessTokenValiditySeconds: description: The number of seconds an access token generated for this API Client is valid for example: 750 type: integer format: int32 refreshTokenValiditySeconds: description: The number of seconds a refresh token generated for this API Client is valid for example: 86400 type: integer format: int32 redirectUris: type: array items: type: string description: A list of the approved redirect URIs used with the authorization_code flow example: - http://localhost:12345 grantTypes: type: array items: $ref: '#/components/schemas/GrantType' description: A list of OAuth 2.0 grant types this API Client can be used with example: - AUTHORIZATION_CODE - CLIENT_CREDENTIALS - REFRESH_TOKEN accessType: $ref: '#/components/schemas/AccessType' description: The access type (online or offline) of this API Client example: OFFLINE type: $ref: '#/components/schemas/ClientType' description: The type of the API Client (public or confidential) example: CONFIDENTIAL internal: type: boolean description: An indicator of whether the API Client can be used for requests internal to IDN example: false enabled: type: boolean description: An indicator of whether the API Client is enabled for use example: true strongAuthSupported: type: boolean description: An indicator of whether the API Client supports strong authentication example: false claimsSupported: type: boolean description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow example: false created: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was created example: '2017-07-11T18:45:37.098Z' modified: type: string format: date-time description: The date and time, down to the millisecond, when the API Client was last updated example: '2018-06-25T20:22:28.104Z' scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the API Client. example: - demo:api-client-scope:first - demo:api-client-scope:second required: - id - secret - businessName - homepageUrl - name - description - accessTokenValiditySeconds - refreshTokenValiditySeconds - redirectUris - grantTypes - accessType - type - internal - enabled - strongAuthSupported - claimsSupported - created - modified - scope PasswordSyncGroup: type: object title: Password Sync Group properties: id: type: string description: ID of the sync group example: 6881f631-3bd5-4213-9c75-8e05cc3e35dd name: description: Name of the sync group type: string example: Password Sync Group 1 passwordPolicyId: type: string description: ID of the password policy example: 2c91808d744ba0ce01746f93b6204501 sourceIds: type: array description: List of password managed sources IDs items: type: string example: - 2c918084660f45d6016617daa9210584 - 2c918084660f45d6016617daa9210500 created: type: string description: The date and time this sync group was created format: date-time example: '2023-03-16T04:00:00Z' nullable: true modified: type: string description: The date and time this sync group was last modified format: date-time example: '2023-03-16T04:00:00Z' nullable: true PasswordPolicyV3Dto: type: object title: Password Policy V 3 Dto properties: id: type: string description: The password policy Id. example: 2c91808e7d976f3b017d9f5ceae440c8 description: type: string nullable: true description: Description for current password policy. example: Information about the Password Policy name: type: string description: The name of the password policy. example: PasswordPolicy Example dateCreated: type: integer format: int64 description: Date the Password Policy was created. example: 1639056206564 lastUpdated: type: integer format: int64 nullable: true description: Date the Password Policy was updated. example: 1939056206564 firstExpirationReminder: type: integer format: int64 description: The number of days before expiration remaninder. example: 45 accountIdMinWordLength: type: integer format: int64 description: The minimun length of account Id. By default is equals to -1. example: 4 accountNameMinWordLength: type: integer format: int64 description: The minimun length of account name. By default is equals to -1. example: 6 minAlpha: type: integer format: int64 description: Maximum alpha. By default is equals to 0. example: 5 minCharacterTypes: type: integer format: int64 description: MinCharacterTypes. By default is equals to -1. example: 5 maxLength: type: integer format: int64 description: Maximum length of the password. example: 25 minLength: type: integer format: int64 description: Minimum length of the password. By default is equals to 0. example: 8 maxRepeatedChars: type: integer format: int64 description: Maximum repetition of the same character in the password. By default is equals to -1. example: 3 minLower: type: integer format: int64 description: Minimum amount of lower case character in the password. By default is equals to 0. example: 8 minNumeric: type: integer format: int64 description: Minimum amount of numeric characters in the password. By default is equals to 0. example: 8 minSpecial: type: integer format: int64 description: Minimum amount of special symbols in the password. By default is equals to 0. example: 8 minUpper: type: integer format: int64 description: Minimum amount of upper case symbols in the password. By default is equals to 0. example: 8 passwordExpiration: type: integer format: int64 description: Number of days before current password expires. By default is equals to 90. example: 8 defaultPolicy: type: boolean description: Defines whether this policy is default or not. Default policy is created automatically when an org is setup. This field is false by default. example: true default: false enablePasswdExpiration: type: boolean description: Defines whether this policy is enabled to expire or not. This field is false by default. example: true default: false requireStrongAuthn: type: boolean description: Defines whether this policy require strong Auth or not. This field is false by default. example: true default: false requireStrongAuthOffNetwork: type: boolean description: Defines whether this policy require strong Auth of network or not. This field is false by default. example: true default: false requireStrongAuthUntrustedGeographies: type: boolean description: Defines whether this policy require strong Auth for untrusted geographies. This field is false by default. example: true default: false useAccountAttributes: type: boolean description: Defines whether this policy uses account attributes or not. This field is false by default. example: false default: false useDictionary: type: boolean description: Defines whether this policy uses dictionary or not. This field is false by default. example: false default: false useIdentityAttributes: type: boolean description: Defines whether this policy uses identity attributes or not. This field is false by default. example: false default: false validateAgainstAccountId: type: boolean description: Defines whether this policy validate against account id or not. This field is false by default. example: false default: false validateAgainstAccountName: type: boolean description: Defines whether this policy validate against account name or not. This field is false by default. example: true default: false created: type: string nullable: true modified: type: string nullable: true sourceIds: type: array description: List of sources IDs managed by this password policy. items: type: string example: - 2c91808382ffee0b01830de154f14034 - 2f98808382ffee0b01830de154f12134 PatOwner: type: object title: Pat Owner description: Personal access token owner's identity. properties: type: type: string description: Personal access token owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Personal access token owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Personal access token owner's human-readable display name. example: Support GetPersonalAccessTokenResponse: type: object title: Get Personal Access Token Response properties: id: type: string description: The ID of the personal access token (to be used as the username for Basic Auth). example: 86f1dc6fe8f54414950454cbb11278fa name: type: string description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. example: NodeJS Integration scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the personal access token. example: - demo:personal-access-token-scope:first - demo:personal-access-token-scope:second owner: $ref: '#/components/schemas/PatOwner' created: type: string format: date-time description: The date and time, down to the millisecond, when this personal access token was created. example: '2017-07-11T18:45:37.098Z' lastUsed: type: string nullable: true format: date-time description: The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed. example: '2017-07-11T18:45:37.098Z' managed: type: boolean default: false example: false description: If true, this token is managed by the SailPoint platform, and is not visible in the user interface. For example, Workflows will create managed personal access tokens for users who create workflows. accessTokenValiditySeconds: type: integer format: int32 default: 43200 example: 36900 description: Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200. expirationDate: type: string format: date-time default: 6 Months from created date example: '2018-01-11T18:45:37.098Z' description: Date and time, down to the millisecond, when this personal access token will expire. If not provided, the token will expire 6 months after its creation date. The value must be a valid date-time string between the current date and 6 months from the creation date. required: - id - name - scope - owner - created CreatePersonalAccessTokenRequest: type: object title: Create Personal Access Token Request description: Object for specifying the name of a personal access token to create properties: name: type: string description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created. example: NodeJS Integration scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it. example: - demo:personal-access-token-scope:first - demo:personal-access-token-scope:second accessTokenValiditySeconds: type: integer nullable: true format: int32 minimum: 15 maximum: 43200 items: type: integer format: int32 default: 43200 description: Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200. example: 36900 expirationDate: type: string nullable: true format: date-time items: type: string format: date-time default: 6 Months from created date description: Date and time, down to the millisecond, when this personal access token will expire. If not provided, the token will expire 6 months after its creation date. The value must be a valid date-time string between the current date and 6 months from the creation date. example: '2018-01-11T18:45:37.098Z' required: - name CreatePersonalAccessTokenResponse: type: object title: Create Personal Access Token Response properties: id: type: string description: The ID of the personal access token (to be used as the username for Basic Auth). example: 86f1dc6fe8f54414950454cbb11278fa secret: type: string description: The secret of the personal access token (to be used as the password for Basic Auth). example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9 scope: type: array nullable: true items: type: string default: sp:scopes:all description: Scopes of the personal access token. example: - demo:personal-access-token-scope:first - demo:personal-access-token-scope:second name: type: string description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. example: NodeJS Integration owner: $ref: '#/components/schemas/PatOwner' created: type: string format: date-time description: The date and time, down to the millisecond, when this personal access token was created. example: '2017-07-11T18:45:37.098Z' accessTokenValiditySeconds: type: integer format: int32 items: type: integer format: int32 default: 43200 description: Number of seconds an access token is valid when generated using this Personal Access Token. If no value is specified, the token will be created with the default value of 43200. example: 36900 expirationDate: type: string format: date-time items: type: string format: date-time default: 6 Months from created date description: Date and time, down to the millisecond, when this personal access token will expire. If not provided, the token will expire 6 months after its creation date. The value must be a valid date-time string between the current date and 6 months from the creation date. example: '2018-01-11T18:45:37.098Z' required: - id - secret - scope - name - owner - created - accessTokenValiditySeconds - expirationDate IdentityReference: type: object title: Identity Reference nullable: true description: The manager for the identity. properties: type: $ref: '#/components/schemas/DtoType' example: IDENTITY id: type: string description: Identity id example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Human-readable display name of identity. example: Thomas Edison PublicIdentity: type: object title: Public Identity description: Details about a public identity properties: id: type: string description: Identity id example: 2c9180857182305e0171993735622948 name: type: string description: Human-readable display name of identity. example: Alison Ferguso alias: type: string description: Alternate unique identifier for the identity. example: alison.ferguso email: nullable: true type: string description: Email address of identity. example: alison.ferguso@acme-solar.com status: nullable: true type: string description: The lifecycle status for the identity example: Active identityState: nullable: true type: string enum: - ACTIVE - INACTIVE_SHORT_TERM - INACTIVE_LONG_TERM - null example: ACTIVE description: | The current state of the identity, which determines how Identity Security Cloud interacts with the identity. An identity that is Active will be included identity picklists in Request Center, identity processing, and more. Identities that are Inactive will be excluded from these features. manager: $ref: '#/components/schemas/IdentityReference' description: An identity reference to the manager of this identity attributes: type: array description: The public identity attributes of the identity items: type: object properties: key: type: string description: The attribute key example: country name: type: string description: Human-readable display name of the attribute example: Country value: type: string description: The attribute value example: US nullable: true PublicIdentityAttributeConfig: type: object title: Public Identity Attribute Config description: Used to map an attribute key for an Identity to its display name. properties: key: type: string description: The attribute key example: country name: type: string description: The attribute display name example: Country PublicIdentityConfig: type: object title: Public Identity Config description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. properties: attributes: type: array description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. items: $ref: '#/components/schemas/PublicIdentityAttributeConfig' modified: nullable: true type: string description: When this configuration was last modified. format: date-time example: '2018-06-25T20:22:28.104Z' modifiedBy: description: The identity who last modified this configuration. $ref: '#/components/schemas/IdentityReference' IdentityEntitlementDetailsEntitlementDto: type: object title: Identity Entitlement Details Entitlement Dto properties: id: type: string description: The entitlement id example: 2c91808874ff91550175097daaec161c name: type: string description: The entitlement name example: LauncherTest2 created: type: string description: Time when the entitlement was last modified format: date-time example: '2020-10-08T18:33:52.029Z' modified: type: string description: Time when the entitlement was last modified format: date-time example: '2020-10-08T18:33:52.029Z' description: type: string description: The description of the entitlement example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local nullable: true type: type: string description: The type of the object, will always be "ENTITLEMENT" example: ENTITLEMENT sourceId: type: string description: The source ID example: 2c9180827ca885d7017ca8ce28a000eb sourceName: type: string description: The source name example: ODS-AD-Source owner: $ref: '#/components/schemas/OwnerDto' value: type: string description: The value of the entitlement example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local flags: description: a list of properties informing the viewer about the entitlement type: array items: type: string example: - privileged IdentityEntitlementDetailsAccountTarget: type: object title: Identity Entitlement Details Account Target properties: accountId: type: string description: The id of account example: c5ef070e-92c6-4276-a006-98490f132dec accountName: type: string description: The name of account example: Adalberto.XYZ accountUUID: nullable: true type: string description: The UUID representation of the account if available example: 2236c29e-68a6-494d-a469-d072172f46cf sourceId: type: string description: The id of Source example: 9269d764-8358-4ab9-9748-d4b7418548ca sourceName: type: string description: The name of Source example: JDBC XYZ Source removeDate: nullable: true type: string description: The removal date scheduled for the entitlement on the Identity example: '2035-01-01T12:00:00.000Z' assignmentId: nullable: true type: string description: The assignmentId of the entitlement on the Identity example: 77a5b7b4-262f-4b6a-a2aa-87f84f45f96f revocable: type: boolean default: false description: If the entitlement can be revoked example: true IdentityEntitlementDetails: type: object title: Identity Entitlement Details properties: identityId: type: string description: Id of Identity example: 5928c61f-3f2e-417a-8d65-f76451e2050a entitlement: $ref: '#/components/schemas/IdentityEntitlementDetailsEntitlementDto' sourceId: type: string description: Id of Source example: b56728da-a24d-4177-a207-2bc4d42cba27 accountTargets: description: A list of account targets on the identity provisioned with the requested entitlement. type: array items: $ref: '#/components/schemas/IdentityEntitlementDetailsAccountTarget' example: - accountId: e7ef11cee24542b78618ce017117699f accountName: Adalberto.XYZ accountUUID: null sourceId: 0108906b66634d9ab7819a03eb263a88 sourceName: ODS-AD-FF-Source [source-XYZ] removeDate: null assignmentId: null revocable: true AccessProfileRef: type: object properties: id: type: string description: ID of the Access Profile example: ff808081751e6e129f1518161919ecca type: type: string description: Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result. enum: - ACCESS_PROFILE example: ACCESS_PROFILE name: type: string description: Human-readable display name of the Access Profile. This field is ignored on input. example: Access Profile 2567 RoleMembershipSelectorType: type: string enum: - STANDARD - IDENTITY_LIST description: |- This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: STANDARD: Indicates that Role membership is defined in terms of a criteria expression IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed example: IDENTITY_LIST RoleCriteriaOperation: type: string enum: - EQUALS - NOT_EQUALS - CONTAINS - STARTS_WITH - ENDS_WITH - AND - OR description: An operation example: EQUALS RoleCriteriaKeyType: type: string enum: - IDENTITY - ACCOUNT - ENTITLEMENT description: Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively. example: ACCOUNT RoleCriteriaKey: type: object nullable: true description: Refers to a specific Identity attribute, Account attribute, or Entitlement used in Role membership criteria properties: type: $ref: '#/components/schemas/RoleCriteriaKeyType' property: type: string description: The name of the attribute or entitlement to which the associated criteria applies. example: attribute.email sourceId: type: string nullable: true description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT example: 2c9180867427f3a301745aec18211519 required: - type - property RoleCriteriaLevel3: type: object description: Defines STANDARD type Role membership properties: operation: $ref: '#/components/schemas/RoleCriteriaOperation' key: $ref: '#/components/schemas/RoleCriteriaKey' stringValue: type: string description: String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com RoleCriteriaLevel2: type: object nullable: true description: Defines STANDARD type Role membership properties: operation: $ref: '#/components/schemas/RoleCriteriaOperation' key: $ref: '#/components/schemas/RoleCriteriaKey' stringValue: type: string nullable: true description: String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/RoleCriteriaLevel3' nullable: true description: Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa. RoleCriteriaLevel1: type: object nullable: true description: Defines STANDARD type Role membership properties: operation: $ref: '#/components/schemas/RoleCriteriaOperation' key: $ref: '#/components/schemas/RoleCriteriaKey' stringValue: type: string nullable: true description: String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/RoleCriteriaLevel2' nullable: true description: Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa. RoleMembershipIdentity: type: object description: A reference to an Identity in an IDENTITY_LIST role membership criteria. properties: type: $ref: '#/components/schemas/DtoType' nullable: true example: IDENTITY id: type: string description: Identity id example: 2c9180a46faadee4016fb4e018c20639 name: type: string nullable: true description: Human-readable display name of the Identity. example: Thomas Edison aliasName: type: string nullable: true description: User name of the Identity example: t.edison RoleMembershipSelector: type: object nullable: true description: When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities. properties: type: $ref: '#/components/schemas/RoleMembershipSelectorType' criteria: $ref: '#/components/schemas/RoleCriteriaLevel1' nullable: true identities: type: array items: $ref: '#/components/schemas/RoleMembershipIdentity' nullable: true description: Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST. ApprovalSchemeForRole: type: object properties: approverType: type: string enum: - OWNER - MANAGER - GOVERNANCE_GROUP - WORKFLOW description: |- Describes the individual or group that is responsible for an approval step. Values are as follows. **OWNER**: Owner of the associated Role **MANAGER**: Manager of the Identity making the request **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field **WORKFLOW**: A Workflow, the ID of which is specified by the **approverId** field. Workflow is exclusive to other types of approvals and License required. example: GOVERNANCE_GROUP approverId: type: string nullable: true description: Id of the specific approver, used when approverType is GOVERNANCE_GROUP or WORKFLOW. example: 46c79819-a69f-49a2-becb-12c971ae66c6 RequestabilityForRole: type: object properties: commentsRequired: type: boolean description: Whether the requester of the containing object must provide comments justifying the request example: true nullable: true default: false denialCommentsRequired: type: boolean description: Whether an approver must provide comments when denying the request example: true nullable: true default: false reauthorizationRequired: type: boolean description: Indicates whether reauthorization is required for the request. example: true nullable: true default: false approvalSchemes: type: array description: List describing the steps in approving the request items: $ref: '#/components/schemas/ApprovalSchemeForRole' RevocabilityForRole: type: object properties: commentsRequired: type: boolean description: Whether the requester of the containing object must provide comments justifying the request example: false nullable: true default: false denialCommentsRequired: type: boolean description: Whether an approver must provide comments when denying the request example: false nullable: true default: false approvalSchemes: type: array description: List describing the steps in approving the revocation request items: $ref: '#/components/schemas/ApprovalSchemeForRole' DimensionRef: type: object properties: type: type: string enum: - DIMENSION description: The type of the object to which this reference applies example: DIMENSION id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: Role 2 Role: type: object description: A Role properties: id: type: string description: The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result. example: 2c918086749d78830174a1a40e121518 name: type: string description: The human-readable display name of the Role maxLength: 128 example: Role 2567 created: type: string description: Date the Role was created format: date-time example: '2021-03-01T22:32:58.104Z' readOnly: true modified: type: string description: Date the Role was last modified. format: date-time example: '2021-03-02T20:22:28.104Z' readOnly: true description: type: string nullable: true description: A human-readable description of the Role example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. owner: $ref: '#/components/schemas/OwnerReference' accessProfiles: type: array items: $ref: '#/components/schemas/AccessProfileRef' nullable: true entitlements: type: array items: $ref: '#/components/schemas/EntitlementRef' membership: $ref: '#/components/schemas/RoleMembershipSelector' nullable: true legacyMembershipInfo: type: object nullable: true description: This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration. example: type: IDENTITY_LIST additionalProperties: true enabled: type: boolean description: Whether the Role is enabled or not. example: true default: false requestable: type: boolean description: Whether the Role can be the target of access requests. example: true default: false accessRequestConfig: $ref: '#/components/schemas/RequestabilityForRole' nullable: true description: Access request configuration for this object revocationRequestConfig: $ref: '#/components/schemas/RevocabilityForRole' nullable: true default: null description: Revocation request configuration for this object. segments: type: array items: type: string nullable: true description: List of IDs of segments, if any, to which this Role is assigned. example: - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 - 29cb6c06-1da8-43ea-8be4-b3125f248f2a dimensional: description: Whether the Role is dimensional. type: boolean nullable: true default: false dimensionRefs: type: array items: $ref: '#/components/schemas/DimensionRef' nullable: true description: List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional. accessModelMetadata: $ref: '#/components/schemas/AttributeDTOList' description: This field must be left null or empty when creating an Role, otherwise a 400 Bad Request error will result. example: - key: iscFederalClassifications name: Federal Classifications multiselect: true status: active type: governance objectTypes: - general description: Classification used by government organizations to specify the level of confidentiality for an access item. values: - value: secret name: Secret status: active required: - name - owner RoleBulkDeleteRequest: type: object properties: roleIds: description: List of IDs of Roles to be deleted. type: array items: type: string example: - 2c9180847812e0b1017817051919ecca - 2c9180887812e0b201781e129f151816 required: - roleIds RoleAssignmentSourceType: type: string enum: - ACCESS_REQUEST - ROLE_MEMBERSHIP description: Type which indicates how a particular Identity obtained a particular Role example: ACCESS_REQUEST RoleIdentity: type: object description: A subset of the fields of an Identity which is a member of a Role. properties: id: type: string description: The ID of the Identity example: 2c9180a46faadee4016fb4e018c20639 aliasName: type: string description: The alias / username of the Identity example: t.edison name: type: string description: The human-readable display name of the Identity example: Thomas Edison email: type: string description: Email address of the Identity example: t.edison@identitynow.com roleAssignmentSource: $ref: '#/components/schemas/RoleAssignmentSourceType' DimensionMembershipSelectorType: type: string enum: - STANDARD description: |- This enum characterizes the type of a Dimension's membership selector. Only the STANDARD type supported: STANDARD: Indicates that Dimension membership is defined in terms of a criteria expression example: STANDARD DimensionCriteriaOperation: type: string enum: - EQUALS - AND - OR description: An operation example: EQUALS DimensionCriteriaKeyType: type: string enum: - IDENTITY description: Indicates whether the associated criteria represents an expression on identity attributes. example: IDENTITY DimensionCriteriaKey: type: object nullable: true description: Refers to a specific Identity attribute used in Dimension membership criteria. properties: type: $ref: '#/components/schemas/DimensionCriteriaKeyType' property: type: string description: The name of the identity attribute to which the associated criteria applies. example: attribute.email required: - type - property DimensionCriteriaLevel3: type: object description: Defines STANDARD type Dimension membership properties: operation: $ref: '#/components/schemas/DimensionCriteriaOperation' key: $ref: '#/components/schemas/DimensionCriteriaKey' stringValue: type: string description: String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com DimensionCriteriaLevel2: type: object nullable: true description: Defines STANDARD type Role membership properties: operation: $ref: '#/components/schemas/DimensionCriteriaOperation' key: $ref: '#/components/schemas/DimensionCriteriaKey' stringValue: type: string nullable: true description: String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/DimensionCriteriaLevel3' nullable: true description: Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa. DimensionCriteriaLevel1: type: object nullable: true description: Defines STANDARD type Dimension membership properties: operation: $ref: '#/components/schemas/DimensionCriteriaOperation' key: $ref: '#/components/schemas/DimensionCriteriaKey' stringValue: type: string nullable: true description: String value to test the Identity attribute specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is EQUALS, this field is required. Otherwise, specifying it is an error. example: carlee.cert1c9f9b6fd@mailinator.com children: type: array items: $ref: '#/components/schemas/DimensionCriteriaLevel2' nullable: true description: Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa. DimensionMembershipSelector: type: object nullable: true description: When present, specifies that the Dimension is to be granted to Identities which either satisfy specific criteria. properties: type: $ref: '#/components/schemas/DimensionMembershipSelectorType' criteria: $ref: '#/components/schemas/DimensionCriteriaLevel1' nullable: true Dimension: type: object description: A Dimension properties: id: type: string description: The id of the Dimension. This field must be left null when creating a dimension, otherwise a 400 Bad Request error will result. example: 2c918086749d78830174a1a40e121518 name: type: string description: The human-readable display name of the Dimension maxLength: 128 example: Dimension 2567 created: type: string description: Date the Dimension was created format: date-time example: '2021-03-01T22:32:58.104Z' readOnly: true modified: type: string description: Date the Dimension was last modified. format: date-time example: '2021-03-02T20:22:28.104Z' readOnly: true description: type: string nullable: true description: A human-readable description of the Dimension example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. owner: $ref: '#/components/schemas/OwnerReference' accessProfiles: type: array items: $ref: '#/components/schemas/AccessProfileRef' nullable: true entitlements: type: array items: $ref: '#/components/schemas/EntitlementRef' membership: $ref: '#/components/schemas/DimensionMembershipSelector' nullable: true parentId: type: string nullable: true description: The ID of the parent role. This field can be left null when creating a dimension, but if provided, it must match the role ID specified in the path variable of the API call. example: 2c918086749d78830174a1a40e121518 required: - name - owner DimensionBulkDeleteRequest: type: object properties: dimensionIds: description: List of IDs of Dimensions to be deleted. type: array items: type: string example: - 2c9180847812e0b1017817051919ecca - 2c9180887812e0b201781e129f151816 required: - dimensionIds TypedReference: type: object description: | A typed reference to the object. properties: type: $ref: '#/components/schemas/DtoType' id: description: | The id of the object. type: string example: 2c91808568c529c60168cca6f90c1313 required: - type - id SavedSearchName: type: object properties: name: description: | The name of the saved search. type: string example: Disabled accounts description: description: | The description of the saved search. type: string nullable: true example: Disabled accounts DateTime: type: string nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' description: A date-time in ISO-8601 format Index: description: |- Enum representing the currently supported indices. Additional values may be added in the future without notice. type: string enum: - accessprofiles - accountactivities - entitlements - events - identities - roles - '*' example: identities Column: type: object properties: field: description: | The name of the field. type: string example: email header: description: | The value of the header. type: string example: Work Email required: - field FilterType: description: |- Enum representing the currently supported filter types. Additional values may be added in the future without notice. type: string enum: - EXISTS - RANGE - TERMS example: RANGE Bound: type: object required: - value properties: value: description: The value of the range's endpoint. type: string example: '1' inclusive: description: Indicates if the endpoint is included in the range. type: boolean default: false example: false Range: type: object description: The range of values to be filtered. properties: lower: description: The lower bound of the range. $ref: '#/components/schemas/Bound' upper: description: The upper bound of the range. $ref: '#/components/schemas/Bound' Filter: type: object properties: type: $ref: '#/components/schemas/FilterType' range: $ref: '#/components/schemas/Range' terms: description: The terms to be filtered. type: array items: type: string example: account_count exclude: description: Indicates if the filter excludes results. type: boolean default: false example: false SavedSearchDetail: type: object properties: created: description: | The date the saved search was initially created. $ref: '#/components/schemas/DateTime' modified: description: | The last date the saved search was modified. $ref: '#/components/schemas/DateTime' indices: description: | The names of the Elasticsearch indices in which to search. type: array items: $ref: '#/components/schemas/Index' example: - identities columns: description: | The columns to be returned (specifies the order in which they will be presented) for each document type. The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. type: object additionalProperties: type: array items: $ref: '#/components/schemas/Column' example: identity: - field: displayName header: Display Name - field: e-mail header: Work Email query: description: | The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. type: string example: '@accounts(disabled:true)' fields: description: | The fields to be searched against in a multi-field query. type: array nullable: true items: type: string example: - disabled orderBy: description: | Sort by index. This takes precedence over the `sort` property. type: object additionalProperties: type: array items: type: string nullable: true example: identity: - lastName - firstName role: - name sort: description: | The fields to be used to sort the search results. type: array items: type: string example: - displayName nullable: true filters: nullable: true allOf: - type: object description: The filters to be applied for each filtered field name. example: attributes.cloudAuthoritativeSource: type: EXISTS exclude: true accessCount: type: RANGE range: lower: value: '3' created: type: RANGE range: lower: value: '2019-12-01' inclusive: true upper: value: '2020-01-01' source.name: type: TERMS terms: - HR Employees - Corporate Active Directory exclude: true protected: type: TERMS terms: - 'true' - $ref: '#/components/schemas/Filter' required: - indices - query SearchArguments: type: object properties: scheduleId: description: | The ID of the scheduled search that triggered the saved search execution. type: string example: 7a724640-0c17-4ce9-a8c3-4a89738459c8 owner: description: | The owner of the scheduled search being tested. allOf: - $ref: '#/components/schemas/TypedReference' recipients: description: | The email recipients of the scheduled search being tested. type: array items: $ref: '#/components/schemas/TypedReference' ScheduledSearchName: type: object properties: name: description: | The name of the scheduled search. type: string example: Daily disabled accounts nullable: true description: description: | The description of the scheduled search. type: string nullable: true example: Daily disabled accounts ScheduleType: description: | Enum representing the currently supported schedule types. Additional values may be added in the future without notice. type: string enum: - DAILY - WEEKLY - MONTHLY - CALENDAR - ANNUALLY example: WEEKLY SelectorType: description: | Enum representing the currently supported selector types. LIST - the *values* array contains one or more distinct values. RANGE - the *values* array contains two values: the start and end of the range, inclusive. Additional values may be added in the future without notice. type: string enum: - LIST - RANGE example: LIST Selector: type: object properties: type: $ref: '#/components/schemas/SelectorType' values: description: | The selected values. type: array items: type: string example: - MON - WED interval: nullable: true description: | The selected interval for RANGE selectors. type: integer format: int32 example: 3 required: - type - values SearchSchedule: type: object properties: savedSearchId: description: The ID of the saved search that will be executed. type: string example: 554f1511-f0a1-4744-ab14-599514d3e57c created: allOf: - $ref: '#/components/schemas/DateTime' description: The date the scheduled search was initially created. readOnly: true modified: allOf: - $ref: '#/components/schemas/DateTime' description: The last date the scheduled search was modified. readOnly: true schedule: $ref: '#/components/schemas/Schedule' recipients: description: A list of identities that should receive the scheduled search report via email. type: array items: type: object properties: type: type: string description: The type of object being referenced enum: - IDENTITY example: IDENTITY id: type: string description: The ID of the referenced object example: 2c9180867624cbd7017642d8c8c81f67 required: - type - id enabled: description: | Indicates if the scheduled search is enabled. type: boolean default: false example: false emailEmptyResults: description: | Indicates if email generation should occur when search returns no results. type: boolean default: false example: false displayQueryDetails: description: | Indicates if the generated email should include the query and search results preview (which could include PII). type: boolean default: false example: false required: - savedSearchId - schedule - recipients QueryType: description: |- The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. Additional values may be added in the future without notice. type: string enum: - DSL - SAILPOINT - TEXT - TYPEAHEAD default: SAILPOINT example: SAILPOINT ElasticVersion: description: The current Elasticserver version. type: string default: '5.2' example: '5.2' InnerHit: type: object description: Inner Hit query object that will cause the specified nested type to be returned as the result matching the supplied query. required: - query - type properties: query: description: The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries. type: string example: source.name:\"Active Directory\" type: description: The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps. type: string example: access Query: type: object description: Query parameters used to construct an Elasticsearch query object. properties: query: description: The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries. type: string example: name:a* fields: description: |- The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields. A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields. type: string example: - firstName,lastName,email timeZone: description: The time zone to be applied to any range query related to dates. type: string example: America/Chicago innerHit: description: The innerHit query object returns a flattened list of results for the specified nested type. $ref: '#/components/schemas/InnerHit' TextQuery: type: object description: Query parameters used to construct an Elasticsearch text query object. required: - terms - fields properties: terms: description: Words or characters that specify a particular thing to be searched for. type: array items: type: string example: - The quick brown fox - '3141592' - '7' fields: description: The fields to be searched. type: array items: type: string example: - displayName - employeeNumber - roleCount matchAny: description: Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found. type: boolean default: false example: false contains: description: Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms. type: boolean default: false example: true TypeAheadQuery: type: object description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' required: - query - field properties: query: description: The type ahead query string used to construct a phrase prefix match query. type: string example: Work field: description: The field on which to perform the type ahead search. type: string example: source.name nestedType: description: The nested type. type: string example: access maxExpansions: description: |- The number of suffixes the last term will be expanded into. Influences the performance of the query and the number results returned. Valid values: 1 to 1000. type: integer format: int32 minimum: 1 maximum: 1000 default: 10 example: 10 size: description: The max amount of records the search will return. type: integer format: int32 minimum: 1 default: 100 example: 100 sort: description: The sort order of the returned records. type: string default: desc example: asc sortByValue: description: The flag that defines the sort type, by count or value. type: boolean default: false example: true QueryResultFilter: type: object description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. properties: includes: description: The list of field names to include in the result documents. type: array items: type: string example: - name - displayName excludes: description: The list of field names to exclude from the result documents. type: array items: type: string example: - stacktrace AggregationType: description: | Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. Additional values may be added in the future without notice. type: string enum: - DSL - SAILPOINT default: DSL example: DSL NestedAggregation: type: object description: The nested aggregation object. required: - name - type properties: name: description: The name of the nested aggregate to be included in the result. type: string example: id type: description: The type of the nested object. type: string example: access MetricType: description: |- Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice. type: string enum: - COUNT - UNIQUE_COUNT - AVG - SUM - MEDIAN - MIN - MAX default: UNIQUE_COUNT example: COUNT MetricAggregation: type: object description: The calculation done on the results of the query required: - name - field properties: name: description: |- The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. type: string example: Access Name Count type: $ref: '#/components/schemas/MetricType' field: description: | The field the calculation is performed on. Prefix the field name with '@' to reference a nested object. type: string example: '@access.name' SearchFilterType: description: |- Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice. type: string enum: - TERM default: TERM example: TERM FilterAggregation: type: object description: An additional filter to constrain the results of the search query. required: - name - field - value properties: name: description: The name of the filter aggregate to be included in the result. type: string example: Entitlements type: $ref: '#/components/schemas/SearchFilterType' field: description: | The search field to apply the filter to. Prefix the field name with '@' to reference a nested object. type: string example: access.type value: description: The value to filter on. type: string example: ENTITLEMENT BucketType: description: |- Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice. type: string enum: - TERMS default: TERMS example: TERMS BucketAggregation: type: object description: The bucket to group the results of the aggregation query by. required: - name - field properties: name: description: The name of the bucket aggregate to be included in the result. type: string example: Identity Locations type: $ref: '#/components/schemas/BucketType' field: description: |- The field to bucket on. Prefix the field name with '@' to reference a nested object. type: string example: attributes.city size: description: Maximum number of buckets to include. type: integer format: int32 example: 100 minDocCount: description: Minimum number of documents a bucket should have. type: integer format: int32 example: 2 Aggregations: type: object properties: nested: $ref: '#/components/schemas/NestedAggregation' metric: $ref: '#/components/schemas/MetricAggregation' filter: $ref: '#/components/schemas/FilterAggregation' bucket: $ref: '#/components/schemas/BucketAggregation' SubSearchAggregationSpecification: allOf: - $ref: '#/components/schemas/Aggregations' - type: object properties: subAggregation: description: Aggregation to be performed on the result of the parent bucket aggregation. $ref: '#/components/schemas/Aggregations' SearchAggregationSpecification: allOf: - $ref: '#/components/schemas/Aggregations' - type: object properties: subAggregation: description: Aggregation to be performed on the result of the parent bucket aggregation. $ref: '#/components/schemas/SubSearchAggregationSpecification' Search: type: object properties: indices: description: The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched. externalDocs: description: Learn more about search indices here. url: https://documentation.sailpoint.com/saas/help/search/searchable-fields.html type: array items: $ref: '#/components/schemas/Index' example: - identities queryType: $ref: '#/components/schemas/QueryType' queryVersion: allOf: - $ref: '#/components/schemas/ElasticVersion' - type: string description: |- The version of the query object. This version number will map to the version of Elasticsearch for the query strings and objects being used. query: $ref: '#/components/schemas/Query' queryDsl: description: The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax. type: object example: match: name: john.doe textQuery: $ref: '#/components/schemas/TextQuery' typeAheadQuery: $ref: '#/components/schemas/TypeAheadQuery' includeNested: description: Indicates whether nested objects from returned search results should be included. type: boolean default: true example: true queryResultFilter: $ref: '#/components/schemas/QueryResultFilter' aggregationType: $ref: '#/components/schemas/AggregationType' aggregationsVersion: allOf: - $ref: '#/components/schemas/ElasticVersion' - type: string description: |- The version of the language being used for aggregation queries. This version number will map to the version of Elasticsearch for the aggregation query object. aggregationsDsl: description: The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax. type: object example: {} aggregations: description: | The aggregation’s specifications, such as the groupings and calculations to be performed. $ref: '#/components/schemas/SearchAggregationSpecification' sort: description: The fields to be used to sort the search results. Use + or - to specify the sort direction. type: array items: type: string example: - displayName - +id searchAfter: description: |- Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] type: array items: type: string example: - John Doe - 2c91808375d8e80a0175e1f88a575221 filters: description: The filters to be applied for each filtered field name. type: object additionalProperties: $ref: '#/components/schemas/Filter' example: {} BaseAccess: type: object properties: description: type: string description: Access item's description. example: Admin access created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. nullable: true format: date-time example: '2018-06-25T20:22:33.104Z' enabled: type: boolean description: Indicates whether the access item is currently enabled. default: false example: true requestable: type: boolean description: Indicates whether the access item can be requested. default: true example: true requestCommentsRequired: type: boolean description: Indicates whether comments are required for requests to access the item. default: false example: false owner: type: object description: Owner's identity. properties: type: type: string description: Owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's display name. example: Support email: type: string description: Owner's email. example: cloud-support@sailpoint.com BaseEntitlement: type: object properties: hasPermissions: type: boolean description: Indicates whether the entitlement has permissions. default: false example: false description: type: string description: Entitlement's description. nullable: true example: Cloud engineering attribute: type: string description: Entitlement attribute's name. example: memberOf value: type: string description: Entitlement's value. example: CN=Cloud Engineering,DC=sailpoint,DC=COM schema: type: string description: Entitlement's schema. example: group privileged: type: boolean description: Indicates whether the entitlement is privileged. default: false example: false id: type: string description: Entitlement's ID. example: 2c918084575812550157589064f33b89 name: type: string description: Entitlement's name. example: CN=Cloud Engineering,DC=sailpoint,DC=COM BaseSegment: type: object properties: id: type: string example: b009b6e3-b56d-41d9-8735-cb532ea0b017 description: Segment's unique ID. name: type: string example: Test Segment description: Segment's display name. Tags: type: array description: Tags that have been applied to the object. items: type: string example: - TAG_1 - TAG_2 AccessApps: type: object properties: id: type: string example: 2c91808568c529c60168cca6f90c1313 description: The unique ID of the referenced object. name: type: string description: Name of application example: Travel and Expense description: description: Description of application. type: string example: Travel and Expense Application owner: type: object description: Owner's identity. properties: type: type: string description: Owner's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Owner's identity ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's display name. example: John Doe email: type: string description: Owner's email. example: john.doe@sailpoint.com DocumentType: description: |- Enum representing the currently supported document types. Additional values may be added in the future without notice. type: string enum: - accessprofile - accountactivity - entitlement - event - identity - role example: identity DocumentFields: type: object properties: pod: type: string example: pod01-useast1 description: Name of the pod. org: type: string example: org-name description: Name of the tenant. _type: $ref: '#/components/schemas/DocumentType' type: $ref: '#/components/schemas/DocumentType' _version: type: string example: v2 description: Version number. AccessProfileDocuments: type: object allOf: - $ref: '#/components/schemas/AccessProfileDocument' - $ref: '#/components/schemas/DocumentFields' Reference: type: object properties: id: type: string example: 2c91808568c529c60168cca6f90c1313 description: The unique ID of the referenced object. name: type: string example: John Doe description: The human readable name of the referenced object. ActivityIdentity: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: type: type: string example: Identity description: Type of object ApprovalComment-2: type: object properties: comment: type: string description: The comment text example: This request was autoapproved by our automated ETS subscriber. commenter: type: string description: The name of the commenter example: Automated AR Approval date: $ref: '#/components/schemas/DateTime' AttributeRequest: type: object properties: name: type: string description: Attribute name. example: groups op: type: string description: Operation to perform on attribute. example: Add value: oneOf: - type: string example: '3203537556531076' - type: array items: type: string example: - '3203537556531076' - '1263537556831096' description: Value of attribute. AccountSource: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: type: type: string example: Delimited File description: Type of source returned. Approval: type: object properties: comments: type: array items: $ref: '#/components/schemas/ApprovalComment-2' modified: $ref: '#/components/schemas/DateTime' owner: $ref: '#/components/schemas/ActivityIdentity' result: type: string description: The result of the approval example: Finished attributeRequest: $ref: '#/components/schemas/AttributeRequest' source: $ref: '#/components/schemas/AccountSource' Result: type: object properties: status: type: string description: Request result status example: Manual Task Created OriginalRequest: type: object properties: accountId: type: string description: Account ID. example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com result: $ref: '#/components/schemas/Result' attributeRequests: type: array description: Attribute changes requested for account. items: $ref: '#/components/schemas/AttributeRequest' op: type: string description: Operation used. example: add source: description: Account's source. $ref: '#/components/schemas/AccountSource' ExpansionItem: type: object properties: accountId: type: string description: The ID of the account example: 2c91808981f58ea601821c3e93482e6f cause: type: string example: Role description: Cause of the expansion item. name: type: string description: The name of the item example: smartsheet-role attributeRequest: $ref: '#/components/schemas/AttributeRequest' source: $ref: '#/components/schemas/AccountSource' id: type: string description: ID of the expansion item example: ac2887ffe0e7435a8c18c73f7ae94c7b state: type: string description: State of the expansion item example: EXECUTING AccountRequest: type: object properties: accountId: type: string description: Unique ID of the account example: John.Doe attributeRequests: type: array items: $ref: '#/components/schemas/AttributeRequest' op: type: string example: Modify description: The operation that was performed provisioningTarget: $ref: '#/components/schemas/AccountSource' result: type: object properties: errors: type: array items: type: string example: |- [ConnectorError] [ { "code": "unrecognized_keys", "keys": [ "groups" ], "path": [], "message": "Unrecognized key(s) in object: 'groups'" } ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) description: Error message. status: type: string description: The status of the account request example: failed ticketId: type: string nullable: true example: null description: ID of associated ticket. source: $ref: '#/components/schemas/AccountSource' AccountActivityDocument: description: AccountActivity type: object properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of account activity. action: type: string description: Type of action performed in the activity. externalDocs: description: Learn more about account activity action types url: https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data example: Identity Refresh. created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' modified: type: string description: ISO-8601 date-time referring to the time when the object was last modified. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. example: '2018-06-25T20:22:28.104Z' stage: type: string description: Activity's current stage. example: Completed status: type: string description: Activity's current status. example: Complete requester: $ref: '#/components/schemas/ActivityIdentity' recipient: $ref: '#/components/schemas/ActivityIdentity' trackingNumber: type: string description: Account activity's tracking number. example: 61aad0c9e8134eca89e76a35e0cabe3f errors: type: array description: Errors provided by the source while completing account actions. items: type: string nullable: true example: null warnings: type: array description: Warnings provided by the source while completing account actions. items: type: string nullable: true example: null approvals: type: array description: Approvals performed on an item during activity. items: $ref: '#/components/schemas/Approval' originalRequests: type: array description: Original actions that triggered all individual source actions related to the account action. items: $ref: '#/components/schemas/OriginalRequest' expansionItems: type: array description: Controls that translated the attribute requests into actual provisioning actions on the source. items: $ref: '#/components/schemas/ExpansionItem' accountRequests: type: array description: Account data for each individual source action triggered by the original requests. items: $ref: '#/components/schemas/AccountRequest' sources: type: string description: Sources involved in the account activity. example: smartsheet-test, airtable-v4, IdentityNow AccountActivityDocuments: type: object allOf: - $ref: '#/components/schemas/AccountActivityDocument' - $ref: '#/components/schemas/DocumentFields' BaseDocument: type: object required: - id - name properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of the referenced object. name: type: string example: john.doe description: The human readable name of the referenced object. EntitlementDocuments: type: object allOf: - $ref: '#/components/schemas/EntitlementDocument' - $ref: '#/components/schemas/DocumentFields' EventDocument: type: object description: Event properties: id: type: string example: 2c91808375d8e80a0175e1f88a575222 description: ID of the entitlement. name: type: string example: Add Entitlement Passed description: Name of the entitlement. created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' synced: type: string description: |- ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API. This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database. There may be some delay between the `synced` time and the time when the updated data is actually available in the search API. example: '2018-06-25T20:22:28.104Z' action: type: string description: Name of the event as it's displayed in audit reports. example: AddEntitlement type: type: string description: Event type. Refer to [Event Types](https://documentation.sailpoint.com/saas/help/search/index.html#event-types) for a list of event types and their meanings. example: ACCESS_ITEM actor: type: object properties: name: type: string description: Name of the actor that generated the event. example: System target: type: object properties: name: type: string description: Name of the target, or recipient, of the event. example: Carol.Adams stack: type: string description: The event's stack. example: tpe trackingNumber: type: string description: ID of the group of events. example: 63f891e0735f4cc8bf1968144a1e7440 ipAddress: type: string description: Target system's IP address. example: 52.52.97.85 details: type: string description: ID of event's details. example: 73b65dfbed1842548c207432a18c84b0 attributes: type: object description: Attributes involved in the event. additionalProperties: true example: pod: stg03-useast1 org: acme sourceName: SailPoint objects: type: array description: Objects the event is happening to. items: type: string example: AUTHENTICATION operation: type: string description: Operation, or action, performed during the event. example: ADD status: type: string description: Event status. Refer to [Event Statuses](https://documentation.sailpoint.com/saas/help/search/index.html#event-statuses) for a list of event statuses and their meanings. example: PASSED technicalName: type: string description: Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'. example: ENTITLEMENT_ADD_PASSED EventDocuments: type: object allOf: - $ref: '#/components/schemas/EventDocument' - properties: pod: type: string example: pod01-useast1 org: type: string example: org-name _type: $ref: '#/components/schemas/DocumentType' _version: type: string example: v2 DisplayReference: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: displayName: type: string example: John Q. Doe ProcessingDetails: type: object properties: date: $ref: '#/components/schemas/DateTime' stage: type: string example: In Process retryCount: type: integer example: 0 format: int32 stackTrace: type: string example: message: type: string example: BaseAccount: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: accountId: type: string description: Account ID. example: John.Doe source: $ref: '#/components/schemas/AccountSource' disabled: type: boolean description: Indicates whether the account is disabled. default: false example: false locked: type: boolean description: Indicates whether the account is locked. default: false example: false privileged: type: boolean description: Indicates whether the account is privileged. default: false example: false manuallyCorrelated: type: boolean description: Indicates whether the account has been manually correlated to an identity. default: false example: false passwordLastSet: $ref: '#/components/schemas/DateTime' entitlementAttributes: type: object nullable: true description: Map or dictionary of key/value pairs. additionalProperties: true example: moderator: true admin: true trust_level: '4' created: type: string description: ISO-8601 date-time referring to the time when the object was created. nullable: true format: date-time example: '2018-06-25T20:22:28.104Z' supportsPasswordChange: type: boolean description: Indicates whether the account supports password change. default: false example: false accountAttributes: type: object nullable: true description: Map or dictionary of key/value pairs. additionalProperties: true example: type: global admin: true trust_level: '4' App: allOf: - $ref: '#/components/schemas/Reference' - type: object properties: source: $ref: '#/components/schemas/Reference' account: type: object properties: id: type: string description: The SailPoint generated unique ID example: 2c9180837dfe6949017e21f3d8cd6d49 accountId: type: string description: The account ID generated by the source example: CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com Access: allOf: - $ref: '#/components/schemas/DisplayReference' - type: object properties: description: description: Description of access item. type: string nullable: true example: null AccessProfileEntitlement: description: EntitlementReference allOf: - $ref: '#/components/schemas/Access' - type: object properties: source: $ref: '#/components/schemas/Reference' type: type: string description: Type of the access item. example: ENTITLEMENT privileged: type: boolean example: false attribute: type: string example: memberOf value: type: string example: CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: type: boolean example: false AccessProfileRole: description: Role allOf: - $ref: '#/components/schemas/Access' - type: object properties: type: type: string description: Type of the access item. example: ROLE owner: $ref: '#/components/schemas/DisplayReference' disabled: type: boolean revocable: type: boolean IdentityAccess: discriminator: propertyName: type mapping: ACCESS_PROFILE: '#/components/schemas/AccessProfileSummary' ENTITLEMENT: '#/components/schemas/AccessProfileEntitlement' ROLE: '#/components/schemas/AccessProfileRole' oneOf: - $ref: '#/components/schemas/AccessProfileSummary' - $ref: '#/components/schemas/AccessProfileEntitlement' - $ref: '#/components/schemas/AccessProfileRole' Owns: type: object properties: sources: type: array items: $ref: '#/components/schemas/Reference' entitlements: type: array items: $ref: '#/components/schemas/Reference' accessProfiles: type: array items: $ref: '#/components/schemas/Reference' roles: type: array items: $ref: '#/components/schemas/Reference' apps: type: array items: $ref: '#/components/schemas/Reference' governanceGroups: type: array items: $ref: '#/components/schemas/Reference' fallbackApprover: type: boolean example: false IdentityDocuments: type: object allOf: - $ref: '#/components/schemas/IdentityDocument' - $ref: '#/components/schemas/DocumentFields' BaseAccessProfile: type: object properties: id: type: string example: 2c91809c6faade77016fb4f0b63407ae description: Access profile's unique ID. name: type: string example: Admin Access description: Access profile's display name. RoleDocuments: type: object allOf: - $ref: '#/components/schemas/RoleDocument' - $ref: '#/components/schemas/DocumentFields' SearchDocuments: type: object oneOf: - $ref: '#/components/schemas/AccessProfileDocuments' - $ref: '#/components/schemas/AccountActivityDocuments' - $ref: '#/components/schemas/EntitlementDocuments' - $ref: '#/components/schemas/EventDocuments' - $ref: '#/components/schemas/IdentityDocuments' - $ref: '#/components/schemas/RoleDocuments' AggregationResult: type: object properties: aggregations: type: object description: | The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run. See Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information. example: Identity Locations: buckets: - key: Austin doc_count: 109 - key: London doc_count: 64 - key: San Jose doc_count: 27 - key: Brussels doc_count: 26 - key: Sao Paulo doc_count: 24 - key: Munich doc_count: 23 - key: Singapore doc_count: 22 - key: Tokyo doc_count: 20 - key: Taipei doc_count: 16 hits: description: | The results of the aggregation search query. type: array items: $ref: '#/components/schemas/SearchDocuments' AggregationResult-csv: description: | If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*, the aggregation result will be returned as a CSV document. type: string example: - Identity Locations,Count - Munich,23 - Brussels,26 - Singapore,22 - Tokyo,20 - Taipei,16 - London,64 - Austin,109 - Sao Paulo,24 - San Jose,27 OwnerReferenceSegments: type: object nullable: true description: The owner of this object. properties: type: type: string enum: - IDENTITY description: Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result. example: IDENTITY id: type: string description: Identity id example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result. example: support Segment: type: object title: Segment properties: id: type: string description: The segment's ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: type: string description: The segment's business name. example: segment-xyz created: type: string format: date-time description: The time when the segment is created. example: '2020-01-01T00:00:00.000000Z' modified: type: string format: date-time description: The time when the segment is modified. example: '2020-01-01T00:00:00.000000Z' description: type: string description: The segment's optional description. example: This segment represents xyz owner: $ref: '#/components/schemas/OwnerReferenceSegments' visibilityCriteria: allOf: - $ref: '#/components/schemas/VisibilityCriteria' - nullable: true active: type: boolean description: This boolean indicates whether the segment is currently active. Inactive segments have no effect. default: false example: true SourceClusterDto: type: object title: Source Cluster Dto description: Source cluster. properties: type: type: string description: Source cluster DTO type. enum: - CLUSTER example: CLUSTER id: type: string description: Source cluster ID. example: 2c9180847a7fccdd017aa5896f9f4f6f name: type: string description: Source cluster display name. example: Training VA ServiceDeskSource: type: object title: Service Desk Source description: Source for Service Desk integration template. properties: type: type: string description: DTO type of source for service desk integration template. enum: - SOURCE example: SOURCE id: type: string description: ID of source for service desk integration template. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Human-readable name of source for service desk integration template. example: HR Active Directory BeforeProvisioningRuleDto: type: object title: Before Provisioning Rule Dto description: Before Provisioning Rule. properties: type: type: string description: Before Provisioning Rule DTO type. enum: - RULE example: RULE id: type: string description: Before Provisioning Rule ID. example: 048eb3d55c5a4758bd07dccb87741c78 name: type: string description: Rule display name. example: Before Provisioning Airtable Rule PasswordInfoQueryDTO: type: object title: Password Info Query DTO properties: userName: type: string description: The login name of the user example: Abby.Smith sourceName: type: string description: The display name of the source example: My-AD PasswordInfoAccount: type: object title: Password Info Account properties: accountId: type: string description: Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350 example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com accountName: type: string description: Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008 example: Abby.Smith PasswordInfo: type: object title: Password Info properties: identityId: type: string description: Identity ID example: 2c918085744fec4301746f9a5bce4605 sourceId: type: string description: source ID example: 2c918083746f642c01746f990884012a publicKeyId: type: string description: public key ID example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh publicKey: type: string description: User's public key with Base64 encoding example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB accounts: type: array description: Account info related to queried identity and source items: $ref: '#/components/schemas/PasswordInfoAccount' policies: type: array description: Password constraints items: type: string example: - passwordRepeatedChar is 3 - passwordMinAlpha is 1 - passwordMinLength is 5 - passwordMinNumeric is 1 PasswordChangeRequest: type: object title: Password Change Request properties: identityId: type: string description: The identity ID that requested the password change example: 8a807d4c73c545510173c545f0a002ff encryptedPassword: type: string description: The RSA encrypted password example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A== publicKeyId: type: string description: The encryption key ID example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2 accountId: type: string description: Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350 example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com sourceId: type: string description: The ID of the source for which identity is requesting the password change example: 8a807d4c73c545510173c545d4b60246 PasswordChangeResponse: type: object title: Password Change Response properties: requestId: type: string nullable: true description: The password change request ID example: 089899f13a8f4da7824996191587bab9 state: type: string enum: - IN_PROGRESS - FINISHED - FAILED description: Password change state example: IN_PROGRESS PasswordStatus: type: object title: Password Status properties: requestId: type: string nullable: true description: The password change request ID example: 089899f13a8f4da7824996191587bab9 state: type: string enum: - IN_PROGRESS - FINISHED - FAILED description: Password change state example: IN_PROGRESS errors: type: array items: type: string description: The errors during the password change request example: - The password change payload is invalid sourceIds: type: array items: type: string description: List of source IDs in the password change request example: - 2c918083746f642c01746f990884012a PasswordOrgConfig: type: object title: Password Org Config properties: customInstructionsEnabled: type: boolean description: Indicator whether custom password instructions feature is enabled. The default value is false. default: false example: true digitTokenEnabled: type: boolean description: Indicator whether "digit token" feature is enabled. The default value is false. default: false example: true digitTokenDurationMinutes: type: integer format: int32 description: The duration of "digit token" in minutes. The default value is 5. minimum: 1 maximum: 60 default: 5 example: 10 digitTokenLength: type: integer format: int32 description: The length of "digit token". The default value is 6. minimum: 6 maximum: 18 default: 6 example: 9 ReportResults: type: object description: Details about report result or current state. properties: reportType: type: string enum: - ACCOUNTS - IDENTITIES_DETAILS - IDENTITIES - IDENTITY_PROFILE_IDENTITY_ERROR - ORPHAN_IDENTITIES - SEARCH_EXPORT - UNCORRELATED_ACCOUNTS description: Use this property to define what report should be processed in the RDE service. example: IDENTITIES_DETAILS taskDefName: type: string description: Name of the task definition which is started to process requesting report. Usually the same as report name example: Identities Details Report id: type: string description: Unique task definition identifier. example: a248c16fe22222b2bd49615481311111 created: type: string description: Report processing start date format: date-time example: '2020-09-07T42:14:00.364Z' status: type: string enum: - SUCCESS - FAILURE - WARNING - TERMINATED description: Report current state or result status. example: SUCCESS duration: type: integer format: int64 description: Report processing time in ms. example: 342 rows: type: integer format: int64 description: Report size in rows. example: 37 availableFormats: type: array items: type: string enum: - CSV - PDF description: Output report file formats. This are formats for calling get endpoint as a query parameter 'fileFormat'. In case report won't have this argument there will be ['CSV', 'PDF'] as default. example: - CSV accounts-export-report-arguments: title: ACCOUNTS type: object description: Arguments for Account Export report (ACCOUNTS) required: - application - sourceName properties: application: type: string description: Source ID. example: 2c9180897eSourceIde781782f705b9 sourceName: type: string description: Source name. example: Active Directory identities-details-report-arguments: title: IDENTITIES_DETAILS type: object description: Arguments for Identities Details report (IDENTITIES_DETAILS) required: - correlatedOnly properties: correlatedOnly: type: boolean description: Flag to specify if only correlated identities are included in report. default: false example: true identities-report-arguments: title: IDENTITIES type: object description: Arguments for Identities report (IDENTITIES) properties: correlatedOnly: type: boolean description: Flag to specify if only correlated identities are included in report. default: false example: true identity-profile-identity-error-report-arguments: title: IDENTITY_PROFILE_IDENTITY_ERROR type: object description: Arguments for Identity Profile Identity Error report (IDENTITY_PROFILE_IDENTITY_ERROR) required: - authoritativeSource properties: authoritativeSource: type: string description: Source ID. example: 1234sourceId5678902 orphan-identities-report-arguments: title: ORPHAN_IDENTITIES type: object description: Arguments for Orphan Identities report (ORPHAN_IDENTITIES) properties: selectedFormats: type: array items: type: string enum: - CSV - PDF description: Output report file formats. These are formats for calling GET endpoint as query parameter 'fileFormat'. In case report won't have this argument there will be ['CSV', 'PDF'] as default. example: - CSV search-export-report-arguments: title: SEARCH_EXPORT type: object description: | Arguments for Search Export report (SEARCH_EXPORT) The report file generated will be a zip file containing csv files of the search results. required: - query properties: indices: description: The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched. externalDocs: description: Learn more about search indices here. url: https://documentation.sailpoint.com/saas/help/search/searchable-fields.html type: array items: $ref: '#/components/schemas/Index' example: - entitlements query: description: The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries. type: string example: name:a* columns: description: | Comma separated string consisting of technical attribute names of fields to include in report. Use `access.spread`, `apps.spread`, `accounts.spread` to include respective identity access details. Use `accessProfiles.spread` to unclude access profile details. Use `entitlements.spread` to include entitlement details. type: string example: displayName,firstName,lastName,email,created,attributes.cloudLifecycleState sort: description: The fields to be used to sort the search results. Use + or - to specify the sort direction. type: array items: type: string example: - displayName - +id uncorrelated-accounts-report-arguments: title: UNCORRELATED_ACCOUNTS type: object description: Arguments for Uncorrelated Accounts report (UNCORRELATED_ACCOUNTS) properties: selectedFormats: type: array items: type: string enum: - CSV - PDF description: Output report file formats. These are formats for calling GET endpoint as query parameter 'fileFormat'. In case report won't have this argument there will be ['CSV', 'PDF'] as default. example: - CSV ReportDetails: type: object description: Details about report to be processed. properties: reportType: type: string enum: - ACCOUNTS - IDENTITIES_DETAILS - IDENTITIES - IDENTITY_PROFILE_IDENTITY_ERROR - ORPHAN_IDENTITIES - SEARCH_EXPORT - UNCORRELATED_ACCOUNTS description: Use this property to define what report should be processed in the RDE service. example: ACCOUNTS arguments: anyOf: - $ref: '#/components/schemas/accounts-export-report-arguments' - $ref: '#/components/schemas/identities-details-report-arguments' - $ref: '#/components/schemas/identities-report-arguments' - $ref: '#/components/schemas/identity-profile-identity-error-report-arguments' - $ref: '#/components/schemas/orphan-identities-report-arguments' - $ref: '#/components/schemas/search-export-report-arguments' - $ref: '#/components/schemas/uncorrelated-accounts-report-arguments' example: application: 2c9180897e7742b2017e781782f705b9 sourceName: Active Directory description: The string-object map(dictionary) with the arguments needed for report processing. TaskResultDetails: type: object description: Details about job or task type, state and lifecycle. properties: type: type: string enum: - QUARTZ - QPOC - MENTOS - QUEUED_TASK description: Type of the job or task underlying in the report processing. It could be a quartz task, QPOC or MENTOS jobs or a refresh/sync task. example: MENTOS id: type: string description: Unique task definition identifier. example: a248c16fe22222b2bd49615481311111 reportType: type: string enum: - ACCOUNTS - IDENTITIES_DETAILS - IDENTITIES - IDENTITY_PROFILE_IDENTITY_ERROR - ORPHAN_IDENTITIES - SEARCH_EXPORT - UNCORRELATED_ACCOUNTS description: Use this property to define what report should be processed in the RDE service. example: IDENTITIES_DETAILS description: type: string description: Description of the report purpose and/or contents. example: A detailed view of the identities in the system. parentName: type: string nullable: true description: Name of the parent task/report if exists. example: Audit Report launcher: type: string description: Name of the report processing initiator. example: cloudadmin created: type: string description: Report creation date format: date-time example: '2020-09-07T42:14:00.364Z' launched: type: string nullable: true format: date-time description: Report start date example: '2020-09-07T42:14:00.521Z' completed: type: string nullable: true format: date-time description: Report completion date example: '2020-09-07T42:14:01.137Z' completionStatus: type: string nullable: true enum: - SUCCESS - WARNING - ERROR - TERMINATED - TEMP_ERROR description: Report completion status. example: Success messages: type: array description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors. example: [] items: type: object properties: type: type: string description: Type of the message. enum: - INFO - WARN - ERROR example: WARN error: type: boolean default: false description: Flag whether message is an error. example: false warning: type: boolean default: false description: Flag whether message is a warning. example: true key: type: string description: Message string identifier. example: 'The following account(s) failed to correlate: A,B,C' localizedText: type: string description: Message context with the locale based language. example: 'The following account(s) failed to correlate: A,B,C' returns: type: array description: Task definition results, if necessary. example: [] items: type: object properties: displayLabel: type: string description: Attribute description. example: ' ' attributeName: type: string description: System or database attribute name. example: ' ' attributes: type: object description: Extra attributes map(dictionary) needed for the report. example: org: an-org progress: type: string nullable: true description: Current report state. example: Initializing... ViolationOwnerAssignmentConfig: type: object title: Violation Owner Assignment Config properties: assignmentRule: type: string enum: - MANAGER - STATIC - null description: |- Details about the violations owner. MANAGER - identity's manager STATIC - Governance Group or Identity example: MANAGER nullable: true ownerRef: type: object description: The owner of the violation assignment config. nullable: true properties: type: type: string description: Owner type. enum: - IDENTITY - GOVERNANCE_GROUP - MANAGER - null example: IDENTITY id: type: string description: Owner's ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. example: Support AccessCriteria: type: object title: Access Criteria properties: name: type: string description: Business name for the access construct list example: money-in criteriaList: type: array description: List of criteria. There is a min of 1 and max of 50 items in the list. minItems: 1 maxItems: 50 items: type: object properties: type: type: string enum: - ENTITLEMENT description: Type of the propery to which this reference applies to example: ENTITLEMENT id: type: string description: ID of the object to which this reference applies to example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies to example: Administrator example: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 name: Administrator - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 name: Administrator ConflictingAccessCriteria: type: object title: Conflicting Access Criteria properties: leftCriteria: $ref: '#/components/schemas/AccessCriteria' rightCriteria: $ref: '#/components/schemas/AccessCriteria' SodPolicy: type: object title: Sod Policy properties: id: type: string description: Policy id example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde readOnly: true name: type: string description: Policy Business Name example: policy-xyz created: type: string format: date-time description: The time when this SOD policy is created. example: '2020-01-01T00:00:00.000000Z' readOnly: true modified: type: string format: date-time description: The time when this SOD policy is modified. example: '2020-01-01T00:00:00.000000Z' readOnly: true description: type: string description: Optional description of the SOD policy example: This policy ensures compliance of xyz nullable: true ownerRef: type: object description: The owner of the SOD policy. properties: type: type: string description: Owner type. enum: - IDENTITY - GOVERNANCE_GROUP example: IDENTITY id: type: string description: Owner's ID. example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Owner's name. example: Support externalPolicyReference: type: string description: Optional External Policy Reference example: XYZ policy nullable: true policyQuery: type: string description: Search query of the SOD policy example: '@access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdg) AND @access(id:0f11f2a4-7c94-4bf3-a2bd-742580fe3bdf)' compensatingControls: type: string description: Optional compensating controls(Mitigating Controls) example: Have a manager review the transaction decisions for their "out of compliance" employee nullable: true correctionAdvice: type: string description: Optional correction advice example: Based on the role of the employee, managers should remove access that is not required for their job function. nullable: true state: type: string description: whether the policy is enforced or not enum: - ENFORCED - NOT_ENFORCED example: ENFORCED tags: type: array description: tags for this policy object example: - TAG1 - TAG2 items: type: string creatorId: type: string description: Policy's creator ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde readOnly: true modifierId: type: string description: Policy's modifier ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde nullable: true readOnly: true violationOwnerAssignmentConfig: $ref: '#/components/schemas/ViolationOwnerAssignmentConfig' nullable: true scheduled: type: boolean description: defines whether a policy has been scheduled or not example: true default: false type: type: string description: whether a policy is query based or conflicting access based default: GENERAL enum: - GENERAL - CONFLICTING_ACCESS_BASED example: GENERAL conflictingAccessCriteria: allOf: - $ref: '#/components/schemas/ConflictingAccessCriteria' - nullable: true SodRecipient: type: object title: Sod Recipient description: SOD policy recipient. properties: type: type: string description: SOD policy recipient DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: SOD policy recipient's identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: SOD policy recipient's display name. example: Michael Michaels SodPolicySchedule: type: object title: Sod Policy Schedule properties: name: type: string description: SOD Policy schedule name example: SCH-1584312283015 created: type: string format: date-time description: The time when this SOD policy schedule is created. example: '2020-01-01T00:00:00.000000Z' readOnly: true modified: type: string format: date-time description: The time when this SOD policy schedule is modified. example: '2020-01-01T00:00:00.000000Z' readOnly: true description: type: string description: SOD Policy schedule description example: Schedule for policy xyz schedule: $ref: '#/components/schemas/Schedule' recipients: type: array items: $ref: '#/components/schemas/SodRecipient' emailEmptyResults: type: boolean description: Indicates if empty results need to be emailed example: false default: false creatorId: type: string description: Policy's creator ID example: 0f11f2a47c944bf3a2bd742580fe3bde readOnly: true modifierId: type: string description: Policy's modifier ID example: 0f11f2a47c944bf3a2bd742580fe3bde readOnly: true IdentityWithNewAccess: description: An identity with a set of access to be added required: - identityId - accessRefs type: object properties: identityId: description: Identity id to be checked. type: string example: 2c91808568c529c60168cca6f90c1313 accessRefs: description: The list of entitlements to consider for possible violations in a preventive check. type: array items: type: object description: Entitlement including a specific set of access. properties: type: type: string description: Entitlement's DTO type. enum: - ENTITLEMENT example: ENTITLEMENT nullable: false id: type: string description: Entitlement's ID. example: 2c91809773dee32014e13e122092014e nullable: false example: - type: ENTITLEMENT id: 2c918087682f9a86016839c050861ab1 - type: ENTITLEMENT id: 2c918087682f9a86016839c0509c1ab2 SodPolicyDto-2: type: object description: SOD policy. properties: type: type: string description: SOD policy DTO type. enum: - SOD_POLICY example: SOD_POLICY id: type: string description: SOD policy ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: type: string description: SOD policy display name. example: Business SOD Policy ExceptionCriteriaAccess: type: object properties: type: $ref: '#/components/schemas/DtoType' description: DTO type id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: CN=HelpDesk,OU=test,OU=test-service,DC=TestAD,DC=local existing: type: boolean description: Whether the subject identity already had that access or not default: false example: true description: Access reference with addition of boolean existing flag to indicate whether the access was extant ExceptionCriteria: type: object properties: criteriaList: type: array description: List of exception criteria. There is a min of 1 and max of 50 items in the list. items: allOf: - $ref: '#/components/schemas/ExceptionCriteriaAccess' description: The types of objects supported for SOD violations properties: type: enum: - ENTITLEMENT example: ENTITLEMENT description: The type of object that is referenced example: - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a66 existing: true - type: ENTITLEMENT id: 2c9180866166b5b0016167c32ef31a67 existing: false ExceptionAccessCriteria: type: object properties: leftCriteria: $ref: '#/components/schemas/ExceptionCriteria' rightCriteria: $ref: '#/components/schemas/ExceptionCriteria' ViolationContext: type: object properties: policy: allOf: - $ref: '#/components/schemas/SodPolicyDto-2' - type: object properties: type: type: string example: SOD_POLICY name: type: string example: A very cool policy name description: The types of objects supported for SOD violations properties: type: enum: - ENTITLEMENT example: ENTITLEMENT description: The type of object that is referenced conflictingAccessCriteria: $ref: '#/components/schemas/ExceptionAccessCriteria' nullable: false description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. ViolationPrediction: description: An object containing a listing of the SOD violation reasons detected by this check. required: - requestId type: object properties: violationContexts: type: array description: List of Violation Contexts items: $ref: '#/components/schemas/ViolationContext' SodViolationCheck: description: An object referencing an SOD violation check required: - requestId type: object title: Sod Violation Check properties: requestId: description: The id of the original request example: 089899f13a8f4da7824996191587bab9 type: string created: type: string format: date-time readOnly: true description: The date-time when this request was created. example: '2020-01-01T00:00:00.000000Z' MultiPolicyRequest: type: object title: Multi Policy Request properties: filteredPolicyList: type: array description: Multi-policy report will be run for this list of ids items: type: string example: - b868cd40-ffa4-4337-9c07-1a51846cfa94 - 63a07a7b-39a4-48aa-956d-50c827deba2a UsageType: type: string nullable: false enum: - CREATE - UPDATE - ENABLE - DISABLE - DELETE - ASSIGN - UNASSIGN - CREATE_GROUP - UPDATE_GROUP - DELETE_GROUP - REGISTER - CREATE_IDENTITY - UPDATE_IDENTITY - EDIT_GROUP - UNLOCK - CHANGE_PASSWORD example: CREATE description: |- The type of provisioning policy usage. In IdentityNow, a source can support various provisioning operations. For example, when a joiner is added to a source, this may trigger both CREATE and UPDATE provisioning operations. Each usage type is considered a provisioning policy. A source can have any number of these provisioning policies defined. These are the common usage types: CREATE - This usage type relates to 'Create Account Profile', the provisioning template for the account to be created. For example, this would be used for a joiner on a source. UPDATE - This usage type relates to 'Update Account Profile', the provisioning template for the 'Update' connector operations. For example, this would be used for an attribute sync on a source. ENABLE - This usage type relates to 'Enable Account Profile', the provisioning template for the account to be enabled. For example, this could be used for a joiner on a source once the joiner's account is created. DISABLE - This usage type relates to 'Disable Account Profile', the provisioning template for the account to be disabled. For example, this could be used when a leaver is removed temporarily from a source. You can use these four usage types for all your provisioning policy needs. FieldDetailsDto: type: object title: Field Details Dto properties: name: type: string description: The name of the attribute. example: userName transform: type: object description: The transform to apply to the field example: type: rule attributes: name: Create Unique LDAP Attribute default: {} attributes: type: object description: Attributes required for the transform example: template: ${firstname}.${lastname}${uniqueCounter} cloudMaxUniqueChecks: '50' cloudMaxSize: '20' cloudRequired: 'true' isRequired: type: boolean readOnly: true description: Flag indicating whether or not the attribute is required. default: false example: false type: type: string description: | The type of the attribute. string: For text-based data. int: For whole numbers. long: For larger whole numbers. date: For date and time values. boolean: For true/false values. secret: For sensitive data like passwords, which will be masked and encrypted. enum: - string - int - long - date - boolean - secret example: string isMultiValued: type: boolean description: Flag indicating whether or not the attribute is multi-valued. default: false example: false ProvisioningPolicyDto: type: object title: Provisioning Policy Dto required: - name properties: name: nullable: true type: string description: the provisioning policy name example: example provisioning policy for inactive identities description: type: string description: the description of the provisioning policy example: this provisioning policy creates access based on an identity going inactive usageType: $ref: '#/components/schemas/UsageType' fields: type: array items: $ref: '#/components/schemas/FieldDetailsDto' AttributeDefinitionType: type: string enum: - STRING - LONG - INT - BOOLEAN - DATE description: The underlying type of the value which an AttributeDefinition represents. example: STRING AttributeDefinition: type: object title: Attribute Definition properties: name: type: string description: The name of the attribute. example: sAMAccountName nativeName: type: string nullable: true description: Attribute name in the native system. example: sAMAccountName type: $ref: '#/components/schemas/AttributeDefinitionType' description: The type of the attribute. example: STRING schema: description: A reference to the schema on the source to the attribute values map to. type: object nullable: true properties: type: description: The type of object being referenced type: string enum: - CONNECTOR_SCHEMA example: CONNECTOR_SCHEMA id: type: string description: The object ID this reference applies to. example: 2c91808568c529c60168cca6f90c1313 name: type: string description: The human-readable display name of the object. example: group description: type: string description: A human-readable description of the attribute. example: SAM Account Name isMulti: type: boolean description: Flag indicating whether or not the attribute is multi-valued. example: false default: false isEntitlement: type: boolean description: Flag indicating whether or not the attribute is an entitlement. example: false default: false isGroup: type: boolean description: | Flag indicating whether or not the attribute represents a group. This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. example: false default: false Schema: type: object title: Schema properties: id: type: string description: The id of the Schema. example: 2c9180835d191a86015d28455b4a2329 name: type: string description: The name of the Schema. example: account nativeObjectType: type: string description: The name of the object type on the native system that the schema represents. example: User identityAttribute: type: string description: The name of the attribute used to calculate the unique identifier for an object in the schema. example: sAMAccountName displayAttribute: type: string description: The name of the attribute used to calculate the display value for an object in the schema. example: distinguishedName hierarchyAttribute: type: string nullable: true description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. example: memberOf includePermissions: type: boolean description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. default: false example: false features: $ref: '#/components/schemas/SourceFeature' configuration: type: object description: Holds any extra configuration data that the schema may require. example: groupMemberAttribute: member attributes: type: array description: The attribute definitions which form the schema. items: $ref: '#/components/schemas/AttributeDefinition' example: - name: sAMAccountName type: STRING isMultiValued: false isEntitlement: false isGroup: false - name: memberOf type: STRING schema: type: CONNECTOR_SCHEMA id: 2c9180887671ff8c01767b4671fc7d60 name: group description: Group membership isMultiValued: true isEntitlement: true isGroup: true created: type: string description: The date the Schema was created. format: date-time example: '2019-12-24T22:32:58.104Z' modified: type: string nullable: true description: The date the Schema was last modified. format: date-time example: '2019-12-31T20:22:28.104Z' Schedule-3: type: object required: - type - cronExpression properties: type: type: string enum: - ACCOUNT_AGGREGATION - GROUP_AGGREGATION description: The type of the Schedule. example: ACCOUNT_AGGREGATION cronExpression: type: string description: The cron expression of the schedule. example: 0 0 5,13,21 * * ? IdentityProfilesConnections: type: object title: Identity Profiles Connections properties: id: type: string description: ID of the IdentityProfile this reference applies example: 76cfddb62818416f816bc494410f46c4 name: type: string description: Human-readable display name of the IdentityProfile to which this reference applies example: ODS-Identity-Profile identityCount: type: integer format: int64 description: The Number of Identities managed by this IdentityProfile example: 100 RequiresPeriodicRefresh: type: boolean description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process example: false default: false input: type: object description: This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI. additionalProperties: true example: type: accountAttribute attributes: attributeName: first_name sourceName: Source AccountAttribute: title: accountAttribute type: object required: - sourceName - attributeName properties: sourceName: type: string description: A reference to the source to search for the account example: Workday attributeName: type: string description: The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema. example: DEPARTMENT accountSortAttribute: type: string description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries example: created default: created accountSortDescending: type: boolean description: The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order) example: false default: false accountReturnFirstLink: type: boolean description: The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false example: false default: false accountFilter: type: string description: |- This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements example: '!(nativeIdentity.startsWith("*DELETED*"))' accountPropertyFilter: type: string description: |- This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. All account attributes are available for filtering as this operation is performed in memory. example: (groups.containsAll({'Admin'}) || location == 'Austin') requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Base64Decode: title: base64Decode type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Base64Encode: title: base64Encode type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Concatenation: title: concat type: object required: - values properties: values: type: array items: type: object description: An array of items to join together example: - John - ' ' - Smith requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Conditional: title: conditional type: object required: - expression - positiveCondition - negativeCondition properties: expression: type: string description: |- A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. The `eq` operator is the only valid comparison example: ValueA eq ValueB positiveCondition: type: string description: The output of the transform if the expression evalutes to true example: 'true' negativeCondition: type: string description: The output of the transform if the expression evalutes to false example: 'false' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' namedConstructs: title: Named Construct type: string description: | | Construct | Date Time Pattern | Description | | --------- | ----------------- | ----------- | | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | enum: - ISO8601 - LDAP - PEOPLE_SOFT - EPOCH_TIME_JAVA - EPOCH_TIME_WIN32 example: PEOPLE_SOFT simpleDateFormat: title: Java Simple Date Format type: string description: | There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.) | Date Time Pattern | Result | | ----------------- | ------ | | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | | `h:mm a` | 12:08 PM | | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | | `K:mm a, z` | 0:08 PM, PDT | | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | | `yyMMddHHmmssZ` | 010704120856-0700 | | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | | `YYYY-'W'ww-u` | 2001-W27-3 | example: mm/dd/yyyy DateFormat: title: dateFormat type: object properties: inputFormat: description: |- A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* oneOf: - $ref: '#/components/schemas/namedConstructs' - $ref: '#/components/schemas/simpleDateFormat' outputFormat: description: |- A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* oneOf: - $ref: '#/components/schemas/namedConstructs' - $ref: '#/components/schemas/simpleDateFormat' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' DateCompare: title: dateCompare type: object required: - firstDate - secondDate - operator - positiveCondition - negativeCondition properties: firstDate: description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). oneOf: - $ref: '#/components/schemas/AccountAttribute' - $ref: '#/components/schemas/DateFormat' secondDate: description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). oneOf: - $ref: '#/components/schemas/AccountAttribute' - $ref: '#/components/schemas/DateFormat' operator: type: string description: | This is the comparison to perform. | Operation | Description | | --------- | ------- | | LT | Strictly less than: `firstDate < secondDate` | | LTE | Less than or equal to: `firstDate <= secondDate` | | GT | Strictly greater than: `firstDate > secondDate` | | GTE | Greater than or equal to: `firstDate >= secondDate` | enum: - LT - LTE - GT - GTE example: LT positiveCondition: type: string description: The output of the transform if the expression evalutes to true example: 'true' negativeCondition: type: string description: The output of the transform if the expression evalutes to false example: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' DateMath: title: dateMath type: object required: - expression properties: expression: type: string description: | A string value of the date and time components to operation on, along with the math operations to execute. externalDocs: description: Date Math Expressions url: https://developer.sailpoint.com/docs/extensibility/transforms/operations/date-math#transform-structure example: now+1w roundUp: type: boolean description: | A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. If not provided, the transform will default to `false` `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) example: false default: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' DecomposeDiacriticalMarks: title: decomposeDiacriticalMarks type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' E164phone: title: e164phone type: object properties: defaultRegion: type: string description: | This is an optional attribute that can be used to define the region of the phone number to format into. If defaultRegion is not provided, it will take US as the default country. The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) example: US requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' FirstValid: title: firstValid type: object required: - values properties: values: type: array items: type: object description: An array of attributes to evaluate for existence. example: - attributes: sourceName: Active Directory attributeName: sAMAccountName type: accountAttribute - attributes: sourceName: Okta attributeName: login type: accountAttribute - attributes: sourceName: HR Source attributeName: employeeID type: accountAttribute ignoreErrors: type: boolean description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. example: false default: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' TransformRule: type: object required: - name properties: name: type: string description: This is the name of the Transform rule that needs to be invoked by the transform example: Transform Calculation Rule requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' GenerateRandomString: type: object required: - name - operation - includeNumbers - includeSpecialChars - length properties: name: type: string description: This must always be set to "Cloud Services Deployment Utility" example: Cloud Services Deployment Utility operation: type: string description: The operation to perform `generateRandomString` example: generateRandomString includeNumbers: type: boolean description: This must be either "true" or "false" to indicate whether the generator logic should include numbers example: true includeSpecialChars: type: boolean description: This must be either "true" or "false" to indicate whether the generator logic should include special characters example: true length: type: string description: | This specifies how long the randomly generated string needs to be >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters example: '10' requiresPeriodicRefresh: type: boolean description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process example: false GetReferenceIdentityAttribute: type: object required: - name - operation - uid properties: name: type: string description: This must always be set to "Cloud Services Deployment Utility" example: Cloud Services Deployment Utility operation: type: string description: The operation to perform `getReferenceIdentityAttribute` example: getReferenceIdentityAttribute uid: type: string description: | This is the SailPoint User Name (uid) value of the identity whose attribute is desired As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. example: 2c91808570313110017040b06f344ec9 requiresPeriodicRefresh: type: boolean description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process example: false Rule: title: rule oneOf: - $ref: '#/components/schemas/TransformRule' - $ref: '#/components/schemas/GenerateRandomString' - $ref: '#/components/schemas/GetReferenceIdentityAttribute' IdentityAttribute: title: identityAttribute type: object required: - name properties: name: type: string description: The system (camel-cased) name of the identity attribute to bring in example: email requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' IndexOf: title: indexOf type: object required: - substring properties: substring: type: string description: A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring. example: admin_ requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' ISO3166: title: iso3166 type: object properties: format: type: string description: | An optional value to denote which ISO 3166 format to return. Valid values are: `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied `alpha3` - Three-character country code (e.g., "USA") `numeric` - The numeric country code (e.g., "840") example: alpha2 requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' LeftPad: title: leftPad type: object required: - length properties: length: type: string description: An integer value for the desired length of the final output string example: '4' padding: type: string description: | A string value representing the character that the incoming data should be padded with to get to the desired length If not provided, the transform will default to a single space (" ") character for padding example: '0' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Lookup: title: lookup type: object required: - table properties: table: type: object additionalProperties: true description: | This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. example: USA: Americas FRA: EMEA AUS: APAC default: Unknown Region requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Lower: title: lower type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' NameNormalizer: title: nameNormalizer type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' RandomAlphaNumeric: title: randomAlphaNumeric type: object properties: length: type: string description: | This is an integer value specifying the size/number of characters the random string must contain * This value must be a positive number and cannot be blank * If no length is provided, the transform will default to a value of `32` * Due to identity attribute data constraints, the maximum allowable value is `450` characters example: '10' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' RandomNumeric: title: randomNumeric type: object properties: length: type: string description: | This is an integer value specifying the size/number of characters the random string must contain * This value must be a positive number and cannot be blank * If no length is provided, the transform will default to a value of `32` * Due to identity attribute data constraints, the maximum allowable value is `450` characters example: '10' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Reference-2: title: reference type: object required: - id properties: id: type: string description: This ID specifies the name of the pre-existing transform which you want to use within your current transform example: Existing Transform requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' ReplaceAll: title: replaceAll type: object required: - table properties: table: type: object additionalProperties: true description: An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value. example: '-': ' ' '"': '''' ñ: 'n' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Replace: title: replace type: object required: - regex - replacement properties: regex: type: string description: This can be a string or a regex pattern in which you want to replace. example: '[^a-zA-Z]' externalDocs: description: Regex Builder url: https://regex101.com/ replacement: type: string description: This is the replacement string that should be substituded wherever the string or pattern is found. example: ' ' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' RightPad: title: rightPad type: object required: - length properties: length: type: string description: An integer value for the desired length of the final output string example: '4' padding: type: string description: | A string value representing the character that the incoming data should be padded with to get to the desired length If not provided, the transform will default to a single space (" ") character for padding example: '0' requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Split: title: split type: object required: - delimiter - index properties: delimiter: type: string description: This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data example: ',' index: type: string description: An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc. example: '5' throws: type: boolean description: | A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) `true` - The transform should return "IndexOutOfBoundsException" `false` - The transform should return null If not provided, the transform will default to false and return a null example: true default: false requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Static: title: static type: object required: - values properties: values: type: string description: This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language. example: string$variable externalDocs: description: Static Transform Documentation url: https://developer.sailpoint.com/docs/extensibility/transforms/operations/static requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' Substring: title: substring type: object required: - begin properties: begin: type: integer description: | The index of the first character to include in the returned substring. If `begin` is set to -1, the transform will begin at character 0 of the input data example: 1 format: int32 beginOffset: type: integer description: | This integer value is the number of characters to add to the begin attribute when returning a substring. This attribute is only used if begin is not -1. example: 3 format: int32 end: type: integer description: | The index of the first character to exclude from the returned substring. If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. example: 6 format: int32 endOffset: type: integer description: | This integer value is the number of characters to add to the end attribute when returning a substring. This attribute is only used if end is provided and is not -1. example: 1 format: int32 requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Trim: title: trim type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' Upper: title: upper type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' input: $ref: '#/components/schemas/input' UUIDGenerator: title: uuid type: object properties: requiresPeriodicRefresh: $ref: '#/components/schemas/RequiresPeriodicRefresh' TransformRead: allOf: - $ref: '#/components/schemas/Transform' - type: object required: - id - internal properties: id: type: string description: Unique ID of this transform example: 2cd78adghjkja34jh2b1hkjhasuecd internal: type: boolean description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform example: false default: false DependantAppConnections: type: object title: Dependant App Connections properties: cloudAppId: type: string description: Id of the connected Application example: 9e3cdd80edf84f119327df8bbd5bb5ac description: type: string description: Description of the connected Application example: This is a Sailpoint application enabled: type: boolean description: Is the Application enabled example: true default: true provisionRequestEnabled: type: boolean description: Is Provisioning enabled for connected Application example: true default: true accountSource: type: object description: The Account Source of the connected Application properties: useForPasswordManagement: type: boolean description: Use this Account Source for password management example: false default: false passwordPolicies: type: array description: A list of Password Policies for this Account Source items: type: object properties: type: type: string description: DTO type example: PASSWORD_POLICY id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: Policy ODS launcherCount: type: integer format: int64 description: The amount of launchers for connected Application (long type) example: 100 matchAllAccount: type: boolean description: Is Provisioning enabled for connected Application example: true default: false owner: type: array description: The owner of the connected Application items: $ref: '#/components/schemas/BaseReferenceDto' appCenterEnabled: type: boolean description: Is App Center enabled for connected Application example: false default: false DependantConnectionsMissingDto: type: object title: Dependant Connections Missing Dto properties: dependencyType: type: string enum: - identityProfiles - credentialProfiles - mappingProfiles - sourceAttributes - dependantCustomTransforms - dependantApps description: The type of dependency type that is missing in the SourceConnections example: dependantApps reason: type: string description: The reason why this dependency is missing example: If there was an error retrieving any dependencies, it would lbe listed here SourceConnectionsDto: type: object title: Source Connections Dto properties: identityProfiles: type: array description: The IdentityProfile attached to this source items: $ref: '#/components/schemas/IdentityProfilesConnections' credentialProfiles: type: array description: Name of the CredentialProfile attached to this source items: type: string example: - Profile ODS sourceAttributes: type: array description: The attributes attached to this source items: type: string example: - sAMAccountName - mail - sn - givenName - displayName - employeeNumber - manager - telephoneNumber mappingProfiles: type: array description: The profiles attached to this source example: - ODS-AD-Profile - ODS-Profile2 items: type: string dependentCustomTransforms: example: - id: 61190eae-290b-4335-aeb8-7335f1fd99cb name: Split Transform type: split attributes: delimiter: '-' index: 1 input: attributes: sourceName: Example CSV Source attributeName: last_name type: accountAttribute internal: false description: A list of custom transforms associated with this source. A transform will be considered associated with a source if any attributes of the transform specify the source as the sourceName. type: array items: $ref: '#/components/schemas/TransformRead' dependentApps: type: array items: $ref: '#/components/schemas/DependantAppConnections' missingDependents: type: array items: $ref: '#/components/schemas/DependantConnectionsMissingDto' CorrelationConfig: type: object title: Correlation Config description: Source configuration information that is used by correlation process. properties: id: type: string nullable: true description: The ID of the correlation configuration. example: 2c9180835d191a86015d28455b4a2329 name: type: string nullable: true description: The name of the correlation configuration. example: Source [source] Account Correlation attributeAssignments: type: array nullable: true description: The list of attribute assignments of the correlation configuration. items: type: object description: The attribute assignment of the correlation configuration. properties: property: type: string description: The property of the attribute assignment. example: first_name value: type: string description: The value of the attribute assignment. example: firstName operation: type: string description: The operation of the attribute assignment. enum: - EQ example: EQ complex: type: boolean description: Whether or not the it's a complex attribute assignment. default: false example: false ignoreCase: type: boolean description: Whether or not the attribute assignment should ignore case. default: false example: false matchMode: type: string description: The match mode of the attribute assignment. enum: - ANYWHERE - START - END example: ANYWHERE filterString: type: string description: The filter string of the attribute assignment. example: first_name == "John" PasswordPolicyHoldersDtoAttributes: type: object title: Password Policy Holders Dto Attributes properties: identityAttr: description: Attributes of PasswordPolicyHoldersDto type: array items: type: object properties: name: description: Attribute's name type: string example: Country value: description: Attribute's value type: string example: Canada PasswordPolicyHoldersDto: type: array description: List of PasswordPolicyHoldersDto items: type: object properties: policyId: type: string description: The password policy Id. example: 2c91808e7d976f3b017d9f5ceae440c8 policyName: type: string description: The name of the password policy. example: PasswordPolicy Example selectors: type: object $ref: '#/components/schemas/PasswordPolicyHoldersDtoAttributes' example: identityAttr: - name: displayName value: Robert - name: lastname value: Juice example: - policyId: 2c91808e7d976f3b017d9f5ceae440c8 policyName: Default selectors: null - policyId: 2c91808e7d976f3b017d9f5ceae440c8 policyName: PasswordPolicy Example selectors: identityAttr: - name: displayName value: Robert - name: lastname value: Case StatusResponse: type: object title: Status Response description: Response model for connection check, configuration test and ping of source connectors. properties: id: type: string description: ID of the source example: 2c91808568c529c60168cca6f90c1313 readOnly: true name: type: string description: Name of the source example: ODS-AD-Test [source-999999] readOnly: true status: type: string enum: - SUCCESS - FAILURE description: The status of the health check. example: SUCCESS readOnly: true elapsedMillis: type: integer description: The number of milliseconds spent on the entire request. example: 1000 readOnly: true details: type: object description: | The document contains the results of the health check. The schema of this document depends on the type of source used. readOnly: true example: useTLSForIQService: false IQService: TLS Port: 0 .NET CLR Version: 4.0.30319.42000 SecondaryServiceStatus: Running Port: 5050 Host: AUTOMATION-AD Name: IQService IQServiceStatus: Running SecondaryService: IQService-Instance1-Secondary Version: IQService Sep-2020 secondaryPort: 5051 OS Architecture: AMD64 Operating System: Microsoft Windows Server 2012 R2 Standard highestDotNetVersion: 4.8 or later Build Time: 09/22/2020 06:34 AM -0500 IQServiceClientAuthEnabled: false requestProcessedOn: 1/19/2021 1:47:14 PM ResourceObjectsRequest: type: object title: Resource Objects Request description: Request model for peek resource objects from source connectors. properties: objectType: type: string description: The type of resource objects to iterate over. default: account example: group maxCount: type: integer description: The maximum number of resource objects to iterate over and return. default: 25 example: 100 ResourceObject: type: object title: Resource Object description: Representation of the object which is returned from source connectors. properties: instance: description: Identifier of the specific instance where this object resides. type: string readOnly: true identity: description: Native identity of the object in the Source. type: string example: CN=Aaron Carr,OU=test1,DC=test2,DC=test readOnly: true uuid: description: Universal unique identifier of the object in the Source. type: string example: '{abf7bd9b-68b4-4d21-9b70-870c58ebf844}' readOnly: true previousIdentity: description: Native identity that the object has previously. type: string readOnly: true name: description: Display name for this object. type: string example: Aaron Carr readOnly: true objectType: description: Type of object. type: string example: account readOnly: true incomplete: description: A flag indicating that this is an incomplete object. Used in special cases where the connector has to return account information in several phases and the objects might not have a complete set of all account attributes. The attributes in this object will replace the corresponding attributes in the Link, but no other Link attributes will be changed. type: boolean example: false readOnly: true incremental: description: A flag indicating that this is an incremental change object. This is similar to incomplete but it also means that the values of any multi-valued attributes in this object should be merged with the existing values in the Link rather than replacing the existing Link value. type: boolean example: false readOnly: true delete: description: A flag indicating that this object has been deleted. This is set only when doing delta aggregation and the connector supports detection of native deletes. type: boolean example: false readOnly: true remove: description: A flag set indicating that the values in the attributes represent things to remove rather than things to add. Setting this implies incremental. The values which are always for multi-valued attributes are removed from the current values. type: boolean example: false readOnly: true missing: description: A list of attribute names that are not included in this object. This is only used with SMConnector and will only contain "groups". type: array items: type: string example: - missFieldOne - missFieldTwo readOnly: true attributes: description: Attributes of this ResourceObject. type: object example: telephoneNumber: 12-(345)678-9012 mail: example@test.com displayName: Aaron Carr readOnly: true finalUpdate: description: In Aggregation, for sparse object the count for total accounts scanned identities updated is not incremented. type: boolean example: false readOnly: true ResourceObjectsResponse: type: object title: Resource Objects Response description: Response model for peek resource objects from source connectors. properties: id: type: string description: ID of the source example: 2c91808568c529c60168cca6f90c1313 readOnly: true name: type: string description: Name of the source example: ODS-AD-Test [source-999999] readOnly: true objectCount: type: integer description: The number of objects that were fetched by the connector. example: 25 readOnly: true elapsedMillis: type: integer description: The number of milliseconds spent on the entire request. example: 1055 readOnly: true resourceObjects: type: array items: $ref: '#/components/schemas/ResourceObject' description: Fetched objects from the source connector. readOnly: true NativeChangeDetectionConfig: type: object title: Native Change Detection Config description: Source configuration information for Native Change Detection that is read and used by account aggregation process. properties: enabled: description: A flag indicating if Native Change Detection is enabled for a source. type: boolean example: true default: false operations: type: array description: Operation types for which Native Change Detection is enabled for a source. items: type: string enum: - ACCOUNT_UPDATED - ACCOUNT_CREATED - ACCOUNT_DELETED example: - ACCOUNT_UPDATED - ACCOUNT_DELETED allEntitlements: description: A flag indicating that all entitlements participate in Native Change Detection. type: boolean example: false default: false allNonEntitlementAttributes: description: A flag indicating that all non-entitlement account attributes participate in Native Change Detection. type: boolean example: false default: false selectedEntitlements: description: If allEntitlements flag is off this field lists entitlements that participate in Native Change Detection. type: array items: type: string example: - memberOf - memberOfSharedMailbox selectedNonEntitlementAttributes: description: If allNonEntitlementAttributes flag is off this field lists non-entitlement account attributes that participate in Native Change Detection. externalDocs: description: Learn more about account attributes here. url: https://documentation.sailpoint.com/saas/help/accounts/schema.html type: array items: type: string example: - lastName - phoneNumber - objectType - servicePrincipalName LoadAccountsTask: type: object title: Load Accounts Task properties: success: type: boolean description: The status of the result default: 'true' example: 'true' task: type: object properties: id: description: System-generated unique ID of the task this taskStatus represents type: string example: ef38f94347e94562b5bb8424a56397d8 type: description: Type of task this task represents type: string example: QUARTZ name: description: The name of the aggregation process type: string example: Cloud Account Aggregation description: description: The description of the task type: string example: Aggregate from the specified application launcher: description: The user who initiated the task type: string example: John Doe created: type: string description: The Task creation date format: date-time example: '2020-09-07T42:14:00.364Z' launched: type: string nullable: true format: date-time description: The task start date example: '2020-09-07T42:14:00.521Z' completed: type: string nullable: true format: date-time description: The task completion date example: '2020-09-07T42:14:01.137Z' completionStatus: type: string nullable: true enum: - SUCCESS - WARNING - ERROR - TERMINATED - TEMP_ERROR description: Task completion status. example: Success parentName: type: string nullable: true description: Name of the parent task if exists. example: Audit Report messages: type: array description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors. example: [] items: type: object properties: type: type: string description: Type of the message. enum: - INFO - WARN - ERROR example: WARN error: type: boolean default: false description: Flag whether message is an error. example: false warning: type: boolean default: false description: Flag whether message is a warning. example: true key: type: string description: Message string identifier. example: This aggregation failed because the currently running aggregation must complete before the next one can start. localizedText: type: string description: Message context with the locale based language. example: This aggregation failed because the currently running aggregation must complete before the next one can start. progress: type: string nullable: true description: Current task state. example: Initializing... attributes: type: object description: Extra attributes map(dictionary) for the task. properties: appId: description: The id of the source type: string example: c31386cb18bb403cbb6df4c86294ff82 optimizedAggregation: description: The indicator if the aggregation process was enabled/disabled for the aggregation job type: string example: enabled additionalProperties: type: object returns: type: array description: Return values from the task items: type: object properties: displayLabel: type: string description: The display label of the return value example: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS attributeName: type: string description: The attribute name of the return value example: applications example: - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS attributeName: applications - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_TOTAL attributeName: total - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_OPTIMIZED attributeName: optimizedAggregation - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_IGNORED attributeName: ignored - displayLabel: TASK_OUT_UNCHANGED_ACCOUNTS attributeName: optimized - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CREATED attributeName: created - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_UPDATED attributeName: updated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_DELETED attributeName: deleted - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGER_CHANGES attributeName: managerChanges - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_BUSINESS_ROLE_CHANGES attributeName: detectedRoleChanges - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_EXCEPTION_CHANGES attributeName: exceptionChanges - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICIES attributeName: policies - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICY_VIOLATIONS attributeName: policyViolations - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_POLICY_NOTIFICATIONS attributeName: policyNotifications - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCORES_CHANGED attributeName: scoresChanged - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SNAPSHOTS_CREATED attributeName: snapshotsCreated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_CREATED attributeName: scopesCreated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_CORRELATED attributeName: scopesCorrelated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_SELECTED attributeName: scopesSelected - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_SCOPES_DORMANT attributeName: scopesDormant - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_UNSCOPED_IDENTITIES attributeName: unscopedIdentities - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CERTIFICATIONS_CREATED attributeName: certificationsCreated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_CERTIFICATIONS_DELETED attributeName: certificationsDeleted - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_APPLICATIONS_GENERATED attributeName: applicationsGenerated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGED_ATTRIBUTES_PROMOTED attributeName: managedAttributesCreated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_MANAGED_ATTRIBUTES_PROMOTED_BY_APP attributeName: managedAttributesCreatedByApplication - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_IDENTITYENTITLEMENTS_CREATED attributeName: identityEntitlementsCreated - displayLabel: TASK_OUT_ACCOUNT_AGGREGATION_GROUPS_CREATED attributeName: groupsCreated LoadUncorrelatedAccountsTask: type: object title: Load Uncorrelated Accounts Task properties: success: type: boolean description: The status of the result default: 'true' example: 'true' task: type: object properties: id: description: System-generated unique ID of the task this taskStatus represents type: string example: 90b83a6bb737489494794f84cd3a51e6 type: description: Type of task this task represents type: string example: QUARTZ name: description: The name of uncorrelated accounts process type: string example: Cloud Process Uncorrelated Accounts description: description: The description of the task type: string example: Processes uncorrelated accounts for the specified application. launcher: description: The user who initiated the task type: string example: John Doe created: type: string description: The Task creation date format: date-time example: '2020-09-07T42:14:00.364Z' launched: type: string nullable: true format: date-time description: The task start date example: '2020-09-07T42:14:00.521Z' completed: type: string nullable: true format: date-time description: The task completion date example: '2020-09-07T42:14:01.137Z' completionStatus: type: string nullable: true enum: - SUCCESS - WARNING - ERROR - TERMINATED - TEMP_ERROR description: Task completion status. example: Success parentName: type: string nullable: true description: Name of the parent task if exists. example: Audit Report messages: type: array description: List of the messages dedicated to the report. From task definition perspective here usually should be warnings or errors. example: [] items: type: object properties: type: type: string description: Type of the message. enum: - INFO - WARN - ERROR example: WARN error: type: boolean default: false description: Flag whether message is an error. example: false warning: type: boolean default: false description: Flag whether message is a warning. example: true key: type: string description: Message string identifier. example: This correlation failed because the currently running correlation must complete before the next one can start. localizedText: type: string description: Message context with the locale based language. example: This correlation failed because the currently running correlation must complete before the next one can start. progress: type: string nullable: true description: Current task state. example: Initializing... attributes: type: object description: Extra attributes map(dictionary) for the task. properties: qpocJobId: description: The id of qpoc job type: string example: 5d303d46-fc51-48cd-9c6d-4e211e3ab63c taskStartDelay: description: the task start delay value example: '' returns: description: Return values from the task type: object example: - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_APPLICATIONS attributeName: applications - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_TOTAL attributeName: total - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_IGNORED attributeName: correlationFailures - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_FAILURES attributeName: ignored - displayLabel: TASK_OUT_UNCHANGED_ACCOUNTS attributeName: optimized - displayLabel: TASK_OUT_ACCOUNT_CORRELATION__CREATED attributeName: created - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_UPDATED attributeName: updated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_DELETED attributeName: deleted - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGER_CHANGES attributeName: managerChanges - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_BUSINESS_ROLE_CHANGES attributeName: detectedRoleChanges - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_EXCEPTION_CHANGES attributeName: exceptionChanges - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICIES attributeName: policies - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICY_VIOLATIONS attributeName: policyViolations - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_POLICY_NOTIFICATIONS attributeName: policyNotifications - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCORES_CHANGED attributeName: scoresChanged - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SNAPSHOTS_CREATED attributeName: snapshotsCreated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_CREATED attributeName: scopesCreated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_CORRELATED attributeName: scopesCorrelated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_SELECTED attributeName: scopesSelected - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_SCOPES_DORMANT attributeName: scopesDormant - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_UNSCOPED_IDENTITIES attributeName: unscopedIdentities - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_CERTIFICATIONS_CREATED attributeName: certificationsCreated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_CERTIFICATIONS_DELETED attributeName: certificationsDeleted - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_APPLICATIONS_GENERATED attributeName: applicationsGenerated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGED_ATTRIBUTES_PROMOTED attributeName: managedAttributesCreated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_MANAGED_ATTRIBUTES_PROMOTED_BY_APP attributeName: managedAttributesCreatedByApplication - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_IDENTITYENTITLEMENTS_CREATED attributeName: identityEntitlementsCreated - displayLabel: TASK_OUT_ACCOUNT_CORRELATION_GROUPS_CREATED attributeName: groupsCreated TaggedObjectDto: type: object title: Tagged Object Dto properties: type: type: string enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE example: IDENTITY description: DTO type id: type: string description: ID of the object this reference applies to example: 2c91808568c529c60168cca6f90c1313 name: type: string nullable: true description: Human-readable display name of the object this reference applies to example: William Wilson TaggedObject: type: object title: Tagged Object description: Tagged object. properties: objectRef: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Labels to be applied to an Object example: - BU_FINANCE - PCI BulkAddTaggedObject: type: object title: Bulk Add Tagged Object properties: objectRefs: type: array items: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Label to be applied to an Object example: - BU_FINANCE - PCI operation: type: string enum: - APPEND - MERGE default: APPEND description: |- If APPEND, tags are appended to the list of tags for the object. A 400 error is returned if this would add duplicate tags to the object. If MERGE, tags are merged with the existing tags. Duplicate tags are silently ignored. example: MERGE BulkTaggedObjectResponse: type: object title: Bulk Tagged Object Response properties: objectRefs: type: array items: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Label to be applied to an Object example: - BU_FINANCE - PCI BulkRemoveTaggedObject: type: object title: Bulk Remove Tagged Object properties: objectRefs: type: array items: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Label to be applied to an Object example: - BU_FINANCE - PCI Tag: type: object title: Tag properties: id: type: string description: Tag id example: 449ecdc0-d4ff-4341-acf6-92f6f7ce604f readOnly: true name: type: string description: Name of the tag. example: PCI created: type: string description: Date the tag was created. format: date-time example: '2022-05-04T14:48:49Z' readOnly: true modified: type: string description: Date the tag was last modified. format: date-time example: '2022-07-14T16:31:11Z' readOnly: true tagCategoryRefs: type: array items: type: object description: Tagged object's category. properties: type: type: string description: DTO type of the tagged object's category. enum: - ACCESS_PROFILE - APPLICATION - CAMPAIGN - ENTITLEMENT - IDENTITY - ROLE - SOD_POLICY - SOURCE example: ENTITLEMENT id: type: string description: Tagged object's ID. example: 2c91809773dee32014e13e122092014e name: type: string description: Tagged object's display name. example: CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local readOnly: true required: - id - name - created - modified - tagCategoryRefs WorkItemStateManualWorkItems: type: string enum: - Finished - Rejected - Returned - Expired - Pending - Canceled example: Finished description: The state of a work item WorkItemTypeManualWorkItems: type: string enum: - Generic - Certification - Remediation - Delegation - Approval - ViolationReview - Form - PolicyViolation - Challenge - ImpactAnalysis - Signoff - Event - ManualAction - Test example: Generic description: The type of the work item RemediationItemDetails: type: object title: Remediation Item Details properties: id: type: string description: The ID of the certification example: 2c9180835d2e5168015d32f890ca1581 targetId: type: string description: The ID of the certification target example: 2c9180835d2e5168015d32f890ca1581 targetName: type: string description: The name of the certification target example: john.smith targetDisplayName: type: string description: The display name of the certification target example: emailAddress applicationName: type: string description: The name of the application/source example: Active Directory attributeName: type: string description: The name of the attribute being certified example: phoneNumber attributeOperation: type: string description: The operation of the certification on the attribute example: update attributeValue: type: string description: The value of the attribute being certified example: 512-555-1212 nativeIdentity: type: string description: The native identity of the target example: jason.smith2 WorkItemState: type: string nullable: true enum: - Finished - Rejected - Returned - Expired - Pending - Canceled - null example: Pending description: The state of a work item ApprovalItemDetails: type: object title: Approval Item Details properties: id: type: string description: The approval item's ID example: 2c9180835d2e5168015d32f890ca1581 account: type: string description: The account referenced by the approval item example: john.smith nullable: true application: type: string description: The name of the application/source example: Active Directory name: type: string description: The attribute's name example: emailAddress nullable: true operation: type: string description: The attribute's operation example: update value: type: string description: The attribute's value example: a@b.com nullable: true state: allOf: - $ref: '#/components/schemas/WorkItemState' - nullable: true FormItemDetails: type: object title: Form Item Details properties: name: type: string nullable: true description: Name of the FormItem example: Field1 SectionDetails: type: object title: Section Details allOf: - $ref: '#/components/schemas/FormItemDetails' - type: object properties: label: type: string nullable: true description: Label of the section example: Section 1 formItems: type: array items: type: object description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails example: [] FormDetails: type: object title: Form Details properties: id: type: string description: ID of the form example: 2c9180835d2e5168015d32f890ca1581 nullable: true name: type: string description: Name of the form example: AccountSelection Form nullable: true title: type: string nullable: true description: The form title example: Account Selection for John.Doe subtitle: type: string nullable: true description: The form subtitle. example: Please select from the following targetUser: type: string description: The name of the user that should be shown this form example: Jane.Doe sections: type: array items: $ref: '#/components/schemas/SectionDetails' description: Sections of the form WorkflowModifiedBy: type: object properties: type: type: string enum: - IDENTITY example: IDENTITY id: type: string description: Identity ID example: 2c9180a46faadee4016fb4e018c20639 name: type: string description: Human-readable display name of identity. example: Thomas Edison WorkflowDefinition: type: object description: The map of steps that the workflow will execute. properties: start: type: string description: The name of the starting step. example: Send Email Test steps: type: object description: One or more step objects that comprise this workflow. Please see the Workflow documentation to see the JSON schema for each step type. additionalProperties: true example: Send Email: actionId: sp:send-email attributes: body: This is a test from: sailpoint@sailpoint.com recipientId.$: $.identity.id subject: test nextStep: success selectResult: null type: ACTION success: type: success EventAttributes: title: Event Trigger Attributes type: object description: Attributes related to an IdentityNow ETS event additionalProperties: false required: - id properties: id: type: string description: The unique ID of the trigger example: idn:identity-attributes-changed nullable: true filter.$: type: string description: JSON path expression that will limit which events the trigger will fire on example: $.changes[?(@.attribute == 'manager')] nullable: true description: type: string description: Description of the event trigger example: Triggered when an identity's manager attribute changes nullable: true attributeToFilter: type: string description: The attribute to filter on example: LifecycleState nullable: true formDefinitionId: type: string description: Form definition's unique identifier. example: Admin_Access_Request_Form nullable: true ExternalAttributes: title: External Trigger Attributes type: object description: Attributes related to an external trigger additionalProperties: false properties: name: type: string description: A unique name for the external trigger example: search-and-notify nullable: true description: type: string description: Additional context about the external trigger example: Run a search and notify the results nullable: true clientId: type: string description: OAuth Client ID to authenticate with this trigger example: 87e239b2-b85b-4bde-b9a7-55bf304ddcdc nullable: true url: type: string description: URL to invoke this workflow example: https://example-tenant.api.identitynow.com/beta/workflows/execute/external/c79e0079-562c-4df5-aa73-60a9e25c916d nullable: true ScheduledAttributes: title: Scheduled Trigger Attributes type: object description: Attributes related to a scheduled trigger additionalProperties: false required: - frequency properties: frequency: type: string description: Frequency of execution example: daily enum: - daily - weekly - monthly - yearly - cronSchedule - null nullable: true timeZone: type: string description: Time zone identifier example: America/Chicago nullable: true cronString: type: string description: A valid CRON expression externalDocs: description: CRON expression editor url: https://crontab.guru/ example: 0 9 * * 1 nullable: true weeklyDays: type: array items: type: string example: Monday description: Scheduled days of the week for execution nullable: true weeklyTimes: type: array items: type: string example: Monday description: Scheduled execution times nullable: true yearlyTimes: type: array items: type: string example: '1969-12-31T09:00:00.000Z' description: Scheduled execution times nullable: true WorkflowTrigger: type: object description: The trigger that starts the workflow required: - type - attributes properties: type: type: string enum: - EVENT - EXTERNAL - SCHEDULED - '' example: EVENT description: The trigger type displayName: type: string nullable: true attributes: nullable: true anyOf: - $ref: '#/components/schemas/EventAttributes' - $ref: '#/components/schemas/ExternalAttributes' - $ref: '#/components/schemas/ScheduledAttributes' description: Workflow Trigger Attributes. WorkflowBody: type: object properties: name: type: string description: The name of the workflow example: Send Email owner: type: object description: The identity that owns the workflow. The owner's permissions in IDN will determine what actions the workflow is allowed to perform. Ownership can be changed by updating the owner in a PUT or PATCH request. properties: type: type: string enum: - IDENTITY example: IDENTITY description: The type of object that is referenced id: type: string description: The unique ID of the object example: 2c91808568c529c60168cca6f90c1313 name: type: string description: The name of the object example: William Wilson description: type: string description: Description of what the workflow accomplishes example: Send an email to the identity who's attributes changed. definition: $ref: '#/components/schemas/WorkflowDefinition' enabled: type: boolean description: Enable or disable the workflow. Workflows cannot be created in an enabled state. default: false example: false trigger: $ref: '#/components/schemas/WorkflowTrigger' Workflow: allOf: - type: object properties: id: type: string description: Workflow ID. This is a UUID generated upon creation. example: d201c5e9-d37b-4aff-af14-66414f39d569 executionCount: type: integer format: int32 description: The number of times this workflow has been executed. example: 2 failureCount: type: integer format: int32 description: The number of times this workflow has failed during execution. example: 0 created: type: string format: date-time description: The date and time the workflow was created. example: '2022-01-10T16:06:16.636381447Z' modified: type: string format: date-time description: The date and time the workflow was modified. example: '2023-12-05T15:18:27.699132301Z' modifiedBy: $ref: '#/components/schemas/WorkflowModifiedBy' creator: type: object description: Workflow creator's identity. properties: type: type: string description: Workflow creator's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Workflow creator's identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Workflow creator's display name. example: Michael Michaels - $ref: '#/components/schemas/WorkflowBody' WorkflowExecution: type: object properties: id: type: string description: Workflow execution ID. example: b393f4e2-4785-4d7f-ab27-3a6b8ded4c81 workflowId: type: string description: Workflow ID. example: d201c5d9-d37b-4a2f-af14-66414f39d568 requestId: type: string description: Backend ID that tracks a workflow request in the system. Provide this ID in a customer support ticket for debugging purposes. example: 41e12a74fa7b4a6a98ae47887b64acdb startTime: type: string format: date-time description: Date/time when the workflow started. example: '2022-02-07T20:13:29.356648026Z' closeTime: type: string format: date-time description: Date/time when the workflow ended. example: '2022-02-07T20:13:31.682410165Z' status: description: Workflow execution status. type: string enum: - Completed - Failed - Canceled - Queued - Running example: Completed WorkflowExecutionEvent: type: object properties: type: type: string description: The type of event enum: - WorkflowExecutionScheduled - WorkflowExecutionStarted - WorkflowExecutionCompleted - WorkflowExecutionFailed - WorkflowTaskScheduled - WorkflowTaskStarted - WorkflowTaskCompleted - WorkflowTaskFailed - ActivityTaskScheduled - ActivityTaskStarted - ActivityTaskCompleted - ActivityTaskFailed - StartChildWorkflowExecutionInitiated - ChildWorkflowExecutionStarted - ChildWorkflowExecutionCompleted - ChildWorkflowExecutionFailed example: WorkflowTaskScheduled timestamp: type: string format: date-time description: The date-time when the event occurred example: '2022-02-07T20:13:31.640618296Z' attributes: type: object description: Additional attributes associated with the event example: {} WorkflowLibraryFormFields: type: object properties: description: type: string description: Description of the form field example: First value to compare helpText: type: string description: Describes the form field in the UI example: The name to give to this certification campaign. label: type: string description: A human readable name for this form field in the UI example: Campaign Name name: type: string description: The name of the input attribute example: name required: type: boolean description: Denotes if this field is a required attribute example: false default: false type: description: The type of the form field type: string nullable: true enum: - text - textarea - boolean - email - url - number - json - checkbox - jsonpath - select - multiType - duration - toggle - formPicker - identityPicker - governanceGroupPicker - string - object - array - secret - keyValuePairs - emailPicker - advancedToggle - variableCreator - htmlEditor example: text WorkflowLibraryAction: title: Workflow Action type: object properties: id: type: string description: Action ID. This is a static namespaced ID for the action example: sp:create-campaign name: type: string description: Action Name example: Create Certification Campaign type: type: string description: Action type example: ACTION description: type: string description: Action Description example: Generates a certification campaign. formFields: nullable: true type: array description: One or more inputs that the action accepts items: $ref: '#/components/schemas/WorkflowLibraryFormFields' exampleOutput: oneOf: - type: object description: Example output - type: array items: type: object deprecated: type: boolean deprecatedBy: type: string format: date-time versionNumber: type: integer description: Version number isSimulationEnabled: type: boolean isDynamicSchema: type: boolean description: Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields. example: false default: false outputSchema: type: object description: Defines the output schema, if any, that this action produces. example: definitions: {} properties: autoRevokeAllowed: $id: '#sp:create-campaign/autoRevokeAllowed' default: true examples: - false title: autoRevokeAllowed type: boolean deadline: $id: '#sp:create-campaign/deadline' default: '' examples: - '2020-12-25T06:00:00.468Z' format: date-time pattern: ^.*$ title: deadline type: string description: $id: '#sp:create-campaign/description' default: '' examples: - A review of everyone's access by their manager. pattern: ^.*$ title: description type: string emailNotificationEnabled: $id: '#sp:create-campaign/emailNotificationEnabled' default: true examples: - false title: emailNotificationEnabled type: boolean filter: $id: '#sp:create-campaign/filter' properties: id: $id: '#sp:create-campaign/filter/id' default: '' examples: - e0adaae69852e8fe8b8a3d48e5ce757c pattern: ^.*$ title: id type: string type: $id: '#sp:create-campaign/filter/type' default: '' examples: - CAMPAIGN_FILTER pattern: ^.*$ title: type type: string title: filter type: object id: $id: '#sp:create-campaign/id' default: '' examples: - 2c918086719eec070171a7e3355a360a pattern: ^.*$ title: id type: string name: $id: '#sp:create-campaign/name' default: '' examples: - Manager Review pattern: ^.*$ title: name type: string recommendationsEnabled: $id: '#sp:create-campaign/recommendationsEnabled' default: true examples: - false title: recommendationEnabled type: boolean type: $id: '#sp:create-campaign/type' default: '' examples: - MANAGER pattern: ^.*$ title: type type: string title: sp:create-campaign type: object WorkflowLibraryTrigger: title: Workflow Trigger type: object properties: id: type: string description: Trigger ID. This is a static namespaced ID for the trigger. example: idn:identity-attributes-changed type: description: Trigger type type: string enum: - EVENT - SCHEDULED - EXTERNAL example: EVENT deprecated: type: boolean deprecatedBy: type: string format: date-time isSimulationEnabled: type: boolean outputSchema: type: object description: Example output schema name: type: string description: Trigger Name example: Identity Attributes Changed description: type: string description: Trigger Description example: One or more identity attributes changed. isDynamicSchema: type: boolean description: Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields. example: false default: false inputExample: type: object description: Example trigger payload if applicable nullable: true externalDocs: description: List of triggers and their input schemas url: https://developer.sailpoint.com/docs/extensibility/event-triggers/available example: changes: - attribute: department newValue: marketing oldValue: sales - attribute: manager newValue: id: ee769173319b41d19ccec6c235423236c name: mean.guy type: IDENTITY oldValue: id: ee769173319b41d19ccec6c235423237b name: nice.guy type: IDENTITY - attribute: email newValue: john.doe@gmail.com oldValue: john.doe@hotmail.com identity: id: ee769173319b41d19ccec6cea52f237b name: john.doe type: IDENTITY formFields: type: array nullable: true description: One or more inputs that the trigger accepts example: [] items: $ref: '#/components/schemas/WorkflowLibraryFormFields' WorkflowLibraryOperator: title: Workflow Operator type: object properties: id: type: string description: Operator ID. example: sp:compare-boolean name: type: string description: Operator friendly name example: Compare Boolean Values type: description: Operator type type: string example: OPERATOR description: type: string description: Description of the operator example: Compare two boolean values and decide what happens based on the result. isDynamicSchema: type: boolean description: Determines whether the dynamic output schema is returned in place of the action's output schema. The dynamic schema lists non-static properties, like properties of a workflow form where each form has different fields. These will be provided dynamically based on available form fields. example: false deprecated: type: boolean deprecatedBy: type: string format: date-time isSimulationEnabled: type: boolean formFields: type: array nullable: true description: One or more inputs that the operator accepts items: $ref: '#/components/schemas/WorkflowLibraryFormFields' example: - description: Enter the JSONPath to a value from the input to compare to Variable B. helpText: '' label: Variable A name: variableA.$ required: true type: text - helpText: Select an operation. label: Operation name: operator options: - label: Equals value: BooleanEquals required: true type: select - description: Enter the JSONPath to a value from the input to compare to Variable A. helpText: '' label: Variable B name: variableB.$ required: false type: text - description: Enter True or False. helpText: '' label: Variable B name: variableB required: false type: text WorkflowOAuthClient: type: object properties: id: type: string description: OAuth client ID for the trigger. This is a UUID generated upon creation. example: 1a58c03a6bf64dc2876f6988c6e2c7b7 secret: type: string description: OAuthClient secret. example: 00cc24a7fe810fe06a7cb38bc168ae104d703c7abb296f9944dc68e69ddb578b url: type: string description: URL for the external trigger to invoke example: https://example-tenant.api.identitynow.com/beta/workflows/execute/external/c17bea3a-574d-453c-9e04-4365fbf5af0b IdentityPreviewRequest: type: object title: Identity Preview Request properties: identityId: type: string format: uuid example: 2c9180857893f12901789445619b0366 description: The Identity id identityAttributeConfig: $ref: '#/components/schemas/IdentityAttributeConfig' IdentityAttributePreview: type: object title: Identity Attribute Preview properties: name: type: string description: Name of the attribute that is being previewed. example: email value: type: string description: Value that was derived during the preview. example: email@mail.com previousValue: type: string description: The value of the attribute before the preview. example: oldEmail@mail.com errorMessages: $ref: '#/components/schemas/ErrorMessageDtoList' description: A list of errors that may have been encountered. IdentityPreviewResponse: type: object title: Identity Preview Response properties: identity: type: object description: Identity's basic details. properties: type: type: string description: Identity's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Identity's display name. example: Michael Michaels previewAttributes: type: array items: $ref: '#/components/schemas/IdentityAttributePreview' WorkItemForward: type: object title: Work Item Forward required: - targetOwnerId - comment properties: targetOwnerId: type: string description: The ID of the identity to forward this work item to. example: 2c9180835d2e5168015d32f890ca1581 comment: type: string description: Comments to send to the target owner example: I'm going on vacation. sendNotifications: type: boolean description: If true, send a notification to the target owner. default: true example: true SearchAttributeConfig: type: object title: Search Attribute Config properties: name: type: string description: Name of the new attribute example: newMailAttribute displayName: type: string description: The display name of the new attribute example: New Mail Attribute applicationAttributes: type: object description: Map of application id and their associated attribute. example: 2c91808b79fd2422017a0b35d30f3968: employeeNumber 2c91808b79fd2422017a0b36008f396b: employeeNumber AccessProfileBulkUpdateRequest: description: List of Access profiles to be updated. type: array items: type: object description: Access Profile's basic details. properties: id: type: string description: Access Profile ID. example: 464ae7bf-791e-49fd-b746-06a2e4a8 requestable: type: boolean description: Access Profile is requestable or not. example: false example: - id: 464ae7bf-791e-49fd-b746-06a2e4a8 requestable: false required: - id - requestable AccessProfileUpdateItem: type: object properties: id: description: Identifier of Access Profile in bulk update request. type: string example: 2c7180a46faadee4016fb4e018c20642 requestable: description: Access Profile requestable or not. type: boolean example: false status: description: | The HTTP response status code returned for an individual Access Profile that is requested for update during a bulk update operation. > 201 - Access profile is updated successfully. > 404 - Access profile not found. type: string example: '201' description: description: | Human readable status description and containing additional context information about success or failures etc. type: string example: | > Access profile is updated successfully. > Referenced Access profile with Id "2c7180a46faadee4016fb4e018c20642" was not found. required: - id - requestable - status AccessProfileBulkUpdateResponse: description: Access Profile Bulk update response. type: array items: $ref: '#/components/schemas/AccessProfileUpdateItem' example: - id: 464ae7bf-791e-49fd-b746-06a2e4a8 status: '201' requestable: false description: Access Profile updated successfully. AccessRequestRecommendationItemType: type: string enum: - ACCESS_PROFILE - ROLE description: The type of access item. example: ACCESS_PROFILE AccessRecommendationMessage: type: object title: Access Recommendation Message properties: interpretation: type: string description: Information about why the access item was recommended. example: 95% of your peers have this access. TranslationMessage: type: object title: Translation Message properties: key: type: string description: The key of the translation message example: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH values: type: array description: The values corresponding to the translation messages items: type: string example: - '75' - department AccessRequestRecommendationItemDetail: type: object title: Access Request Recommendation Item Detail properties: identityId: type: string format: UUID description: Identity ID for the recommendation example: 2c91808570313110017040b06f344ec9 access: type: object properties: id: type: string format: UUID description: ID of access item being recommended. example: 2c9180835d2e5168015d32f890ca1581 type: $ref: '#/components/schemas/AccessRequestRecommendationItemType' name: type: string description: Name of the access item example: Employee-database-read-write description: type: string description: Description of the access item example: This item grants an employee read and write access to the database ignored: type: boolean example: true description: Whether or not the identity has already chosen to ignore this recommendation. requested: type: boolean example: true description: Whether or not the identity has already chosen to request this recommendation. viewed: type: boolean example: true description: Whether or not the identity reportedly viewed this recommendation. messages: type: array items: $ref: '#/components/schemas/AccessRecommendationMessage' translationMessages: description: The list of translation messages type: array example: - key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH values: - '75' - department items: $ref: '#/components/schemas/TranslationMessage' AccessRequestRecommendationConfigDto: type: object title: Access Request Recommendation Config Dto properties: scoreThreshold: type: number format: float description: The value that internal calculations need to exceed for recommendations to be made. example: 0.5 startDateAttribute: type: string description: Use to map an attribute name for determining identities' start date. example: startDate restrictionAttribute: type: string description: Use to only give recommendations based on this attribute. example: location moverAttribute: type: string description: Use to map an attribute name for determining whether identities are movers. example: isMover joinerAttribute: type: string description: Use to map an attribute name for determining whether identities are joiners. example: isJoiner useRestrictionAttribute: type: boolean description: Use only the attribute named in restrictionAttribute to make recommendations. example: true default: false required: - scoreThreshold AccessRequestRecommendationItem: type: object title: Access Request Recommendation Item properties: id: type: string format: UUID description: ID of access item being recommended. example: 2c9180835d2e5168015d32f890ca1581 type: $ref: '#/components/schemas/AccessRequestRecommendationItemType' AccessRequestRecommendationActionItemResponseDto: type: object title: Access Request Recommendation Action Item Response Dto properties: identityId: type: string format: UUID description: The identity ID taking the action. example: 2c91808570313110017040b06f344ec9 access: $ref: '#/components/schemas/AccessRequestRecommendationItem' timestamp: type: string format: date-time example: '2017-07-11T18:45:37.098Z' AccessRequestRecommendationActionItemDto: type: object title: Access Request Recommendation Action Item Dto properties: identityId: type: string format: UUID description: The identity ID taking the action. example: 2c91808570313110017040b06f344ec9 access: $ref: '#/components/schemas/AccessRequestRecommendationItem' required: - identityId - access AuthProfileSummary: type: object title: Auth Profile Summary properties: tenant: type: string description: Tenant name. example: test-tenant id: type: string description: Identity ID. example: 2c91808458ae7a4f0158b1bbf8af0628 AuthProfile: type: object title: Auth Profile properties: name: type: string description: Authentication Profile name. example: EndToEnd-Profile offNetwork: type: boolean description: Use it to block access from off network. default: false example: true untrustedGeography: type: boolean description: Use it to block access from untrusted geoographies. default: false example: true applicationId: type: string nullable: true description: Application ID. example: 2c91808458ae7a4f0158b1bbf8af0628 applicationName: type: string nullable: true description: Application name. example: EndToEnd-Source type: type: string enum: - BLOCK - MFA - NON_PTA - PTA description: Type of the Authentication Profile. example: PTA strongAuthLogin: type: boolean description: Use it to enable strong authentication. default: false example: true CustomPasswordInstruction: type: object title: Custom Password Instruction properties: pageId: type: string example: change-password:enter-password description: The page ID that represents the page for forget user name, reset password and unlock account flow. enum: - change-password:enter-password - change-password:finish - flow-selection:select - forget-username:user-email - mfa:enter-code - mfa:enter-kba - mfa:select - reset-password:enter-password - reset-password:enter-username - reset-password:finish - unlock-account:enter-username - unlock-account:finish pageContent: type: string example: Please enter a new password. Your password must be at least 8 characters long and contain at least one number and one letter. description: | The custom instructions for the specified page. Allow basic HTML format and maximum length is 1000 characters. The custom instructions will be sanitized to avoid attacks. If the customization text includes a link, like `...` clicking on this will open the link on the current browser page. If you want your link to be redirected to a different page, please redirect it to "_blank" like this: `link`. This will open a new tab when the link is clicked. Notice we're only supporting _blank as the redirection target. locale: type: string example: en description: The locale for the custom instructions, a BCP47 language tag. The default value is \"default\". EntitlementBulkUpdateRequest: type: object title: Entitlement Bulk Update Request description: Object for specifying the bulk update request properties: entitlementIds: type: array description: List of entitlement ids to update maxItems: 50 items: type: string example: - 2c91808a7624751a01762f19d665220d - 2c91808a7624751a01762f19d67c220e - 2c91808a7624751a01762f19d692220f jsonPatch: type: array items: $ref: '#/components/schemas/JsonPatchOperation' example: - op: replace path: /privileged value: false - op: replace path: /requestable value: false required: - entitlementIds - jsonPatch EntitlementSourceResetBaseReferenceDto: type: object title: Entitlement Source Reset Base Reference Dto properties: type: type: string description: The DTO type example: TASK_RESULT id: type: string description: The task ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable display name of the object to which this reference applies example: Entitlement Source Reset LoadEntitlementTask: type: object title: Load Entitlement Task properties: id: description: System-generated unique ID of the task this taskStatus represents type: string example: ef38f94347e94562b5bb8424a56397d8 type: description: Type of task this task represents type: string example: QUARTZ uniqueName: description: The name of the task type: string example: Cloud Group Aggregation description: description: The description of the task type: string example: Aggregate from the specified application launcher: description: The user who initiated the task type: string example: John Doe created: description: The creation date of the task type: string format: date-time example: '2020-07-11T21:23:15.000Z' returns: description: Return values from the task type: array items: type: object properties: displayLabel: description: The display label for the return value type: string example: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS attributeName: description: The attribute name for the return value type: string example: applications example: - displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_APPLICATIONS attributeName: applications - displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_TOTAL attributeName: total - displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_CREATED attributeName: groupsCreated - displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_UPDATED attributeName: groupsUpdated - displayLabel: TASK_OUT_ACCOUNT_GROUP_AGGREGATION_DELETED attributeName: groupsDeleted IdentityEntitlements: type: object title: Identity Entitlements properties: objectRef: $ref: '#/components/schemas/TaggedObjectDto' tags: type: array items: type: string description: Labels to be applied to object. example: - BU_FINANCE - PCI PasswordDigitTokenReset: type: object title: Password Digit Token Reset required: - userId properties: userId: type: string description: The uid of the user requested for digit token example: Abby.Smith length: type: integer description: The length of digit token. It should be from 6 to 18, inclusive. The default value is 6. example: 8 durationMinutes: type: integer description: The time to live for the digit token in minutes. The default value is 5 minutes. example: 5 PasswordDigitToken: type: object title: Password Digit Token properties: digitToken: type: string description: The digit token for password management example: 9087713 requestId: type: string description: The reference ID of the digit token generation request example: e1267ecd-fcd9-4c73-9c55-12555efad136 IdentityListItem: type: object title: Identity List Item properties: id: type: string description: the identity ID example: bc693f07e7b645539626c25954c58554 displayName: type: string description: the display name of the identity example: Adam Zampa firstName: type: string nullable: true description: the first name of the identity example: Adam lastName: type: string nullable: true description: the last name of the identity example: Zampa active: type: boolean default: true description: indicates if an identity is active or not example: true deletedDate: type: string nullable: true description: the date when the identity was deleted example: '2007-03-01T13:00:00.000Z' IdentityHistoryResponse: type: object title: Identity History Response properties: id: type: string description: the identity ID example: bc693f07e7b645539626c25954c58554 displayName: type: string description: the display name of the identity example: Adam Zampa snapshot: type: string description: the date when the identity record was created example: '2007-03-01T13:00:00.000Z' deletedDate: type: string description: the date when the identity was deleted example: '2007-03-01T13:00:00.000Z' accessItemCount: type: object description: A map containing the count of each access item example: app: 0 role: 2 entitlement: 4 accessProfile: 3 account: 1 additionalProperties: type: integer format: int32 attributes: type: object description: A map containing the identity attributes additionalProperties: true example: jobTitle: HR Manager location: NYC firstname: Adam lastname: Zampa department: HR AccessItemEntitlementResponse: type: object title: Access Item Entitlement Response properties: id: type: string example: 2c918087763e69d901763e72e97f006f description: the access item id accessType: type: string example: entitlement description: the access item type. entitlement in this case displayName: type: string example: Dr. Arden Rogahn MD description: the display name of the identity sourceName: type: string example: DataScienceDataset description: the name of the source attribute: type: string example: groups description: the entitlement attribute value: type: string example: Upward mobility access description: the associated value type: type: string example: ENTITLEMENT description: the type of entitlement description: type: string example: Entitlement - Workday/Citizenship access description: the description for the entitlment nullable: true sourceId: type: string example: 2793o32dwd description: the id of the source standalone: type: boolean example: true description: indicates whether the entitlement is standalone nullable: true privileged: type: boolean example: false description: indicates whether the entitlement is privileged nullable: true cloudGoverned: type: boolean example: true description: indicates whether the entitlement is cloud governed nullable: true required: - attribute - value - type - standalone - privileged - cloudGoverned AccessItemAccessProfileResponse: type: object title: Access Item Access Profile Response properties: id: type: string example: 2c918087763e69d901763e72e97f006f description: the access item id accessType: type: string example: accessProfile description: the access item type. accessProfile in this case displayName: type: string example: Dr. Arden Rogahn MD description: the display name of the identity sourceName: type: string example: DataScienceDataset description: the name of the source entitlementCount: type: integer format: int32 example: 12 description: the number of entitlements the access profile will create description: type: string example: AccessProfile - Workday/Citizenship access description: the description for the access profile nullable: true sourceId: type: string example: 2793o32dwd description: the id of the source appRefs: type: array items: type: object properties: cloudAppId: type: string example: 8c190e6787aa4ed9a90bd9d5344523fb description: the cloud app id associated with the access profile cloudAppName: type: string example: Sample App description: the cloud app name associated with the access profile example: - cloudAppId: 8c190e6787aa4ed9a90bd9d5344523fb cloudAppName: Sample App - cloudAppId: 2c91808a77ff216301782327a50f09bf cloudAppName: Another App description: the list of app ids associated with the access profile removeDate: type: string example: '2024-07-01T06:00:00.00Z' description: the date the access profile is no longer assigned to the specified identity nullable: true standalone: type: boolean example: false description: indicates whether the access profile is standalone nullable: true revocable: type: boolean example: true description: indicates whether the access profile is revocable nullable: true required: - appRefs - standalone - revocable - entitlementCount AccessItemAccountResponse: type: object title: Access Item Account Response required: - nativeIdentity properties: id: type: string example: 2c918087763e69d901763e72e97f006f description: the access item id accessType: type: string example: account description: the access item type. account in this case displayName: type: string example: Dr. Arden Rogahn MD description: the display name of the identity sourceName: type: string example: DataScienceDataset description: the name of the source nativeIdentity: type: string example: dr.arden.ogahn.d description: the native identifier used to uniquely identify an acccount sourceId: type: string example: 2793o32dwd description: the id of the source entitlementCount: type: integer format: int32 example: 12 description: the number of entitlements the account will create AccessItemRoleResponse: type: object title: Access Item Role Response properties: id: type: string example: 2c918087763e69d901763e72e97f006f description: the access item id accessType: type: string example: role description: the access item type. role in this case displayName: type: string example: sample description: the role display name sourceName: type: string example: Source Name description: the associated source name if it exists nullable: true description: type: string example: Role - Workday/Citizenship access description: the description for the role removeDate: type: string example: '2024-07-01T06:00:00.00Z' description: the date the role is no longer assigned to the specified identity revocable: type: boolean example: true description: indicates whether the role is revocable required: - revocable AccessItemAppResponse: type: object title: Access Item App Response required: - appRoleId properties: id: type: string example: 2c918087763e69d901763e72e97f006f description: the access item id accessType: type: string example: app description: the access item type. entitlement in this case displayName: type: string example: Display Name description: the access item display name sourceName: type: string example: appName description: the associated source name if it exists nullable: true appRoleId: type: string example: 2c918087763e69d901763e72e97f006f description: the app role id nullable: true IdentitySnapshotSummaryResponse: type: object title: Identity Snapshot Summary Response properties: snapshot: type: string description: the date when the identity record was created example: '2007-03-01T13:00:00.000Z' MetricResponse: type: object title: Metric Response properties: name: type: string description: the name of metric value: type: number description: the value associated to the metric example: name: '2021-04-01T00:00:00.000Z' value: 2 CommonAccessType: type: string enum: - ACCESS_PROFILE - ROLE description: The type of access item. CommonAccessItemAccess: type: object title: Common Access Item Access properties: id: type: string description: Common access ID type: $ref: '#/components/schemas/CommonAccessType' description: Common access type (ROLE or ACCESS_PROFILE) name: type: string description: Common access name description: type: string description: Common access description nullable: true ownerName: type: string description: Common access owner name ownerId: type: string description: Common access owner ID CommonAccessResponse: type: object title: Common Access Response properties: id: type: string description: Unique ID of the common access item example: 555ab47a-0d32-4813-906f-adf3567de6a4 access: $ref: '#/components/schemas/CommonAccessItemAccess' description: common access item status: type: string description: CONFIRMED or DENIED commonAccessType: type: string example: UNSET lastUpdated: type: string readOnly: true format: date-time reviewedByUser: type: boolean description: true if user has confirmed or denied status lastReviewed: type: string readOnly: true format: date-time nullable: true createdByUser: type: boolean default: false example: false CommonAccessItemState: type: string enum: - CONFIRMED - DENIED description: State of common access item. CommonAccessItemRequest: type: object title: Common Access Item Request properties: access: $ref: '#/components/schemas/CommonAccessItemAccess' status: $ref: '#/components/schemas/CommonAccessItemState' CommonAccessItemResponse: type: object title: Common Access Item Response properties: id: type: string description: Common Access Item ID access: $ref: '#/components/schemas/CommonAccessItemAccess' status: $ref: '#/components/schemas/CommonAccessItemState' lastUpdated: type: string reviewedByUser: type: boolean lastReviewed: type: string createdByUser: type: string CommonAccessIDStatus: type: object title: Common Access ID Status properties: confirmedIds: description: List of confirmed common access ids. type: array items: type: string format: uuid deniedIds: description: List of denied common access ids. type: array items: type: string format: uuid CertifierResponse: type: object title: Certifier Response properties: id: type: string description: the id of the certifier example: 8a80828f643d484f01643e14202e206f displayName: type: string description: the name of the certifier example: John Snow IdentityCertified: type: object title: Identity Certified required: - certificationId - certificationName properties: certificationId: type: string description: the id of the certification item example: 2c91808a77ff216301782327a50f09bf certificationName: type: string description: the certification item name example: Cert name signedDate: type: string description: the date ceritification was signed example: '2019-03-08T22:37:33.901Z' certifiers: type: array description: this field is deprecated and may go away items: $ref: '#/components/schemas/CertifierResponse' example: - id: 8a80828f643d484f01643e14202e206f displayName: John Snow reviewers: type: array description: The list of identities who review this certification items: $ref: '#/components/schemas/CertifierResponse' example: - id: 8a80828f643d484f01643e14202e206f displayName: John Snow signer: $ref: '#/components/schemas/CertifierResponse' description: Identity who signed off on the certification example: id: 8a80828f643d484f01643e14202e206f displayName: John Snow eventType: type: string description: the event type example: IdentityCertified dateTime: type: string description: the date of event example: '2019-03-08T22:37:33.901Z' CorrelatedGovernanceEvent: type: object title: Correlated Governance Event nullable: true properties: name: type: string description: The name of the governance event, such as the certification name or access request ID. example: Manager Certification for Jon Snow dateTime: type: string description: The date that the certification or access request was completed. example: '2019-03-08T22:37:33.901Z' type: type: string enum: - certification - accessRequest description: The type of governance event. example: certification governanceId: type: string description: The ID of the instance that caused the event - either the certification ID or access request ID. example: 2c91808a77ff216301782327a50f09bf owners: type: array description: The owners of the governance event (the certifiers or approvers) items: $ref: '#/components/schemas/CertifierResponse' example: - id: 8a80828f643d484f01643e14202e206f displayName: John Snow reviewers: type: array description: The owners of the governance event (the certifiers or approvers), this field should be preferred over owners items: $ref: '#/components/schemas/CertifierResponse' example: - id: 8a80828f643d484f01643e14202e206f displayName: John Snow decisionMaker: description: The decision maker $ref: '#/components/schemas/CertifierResponse' example: id: 8a80828f643d484f01643e14202e206f displayName: John Snow AccessItemAssociated: type: object title: Access Item Associated required: - accessItem - governanceEvent properties: eventType: type: string description: the event type example: AccessItemAssociated dateTime: type: string description: the date of event example: '2019-03-08T22:37:33.901Z' identityId: type: string description: the identity id example: 8c190e6787aa4ed9a90bd9d5344523fb accessItem: type: object anyOf: - $ref: '#/components/schemas/AccessItemEntitlementResponse' - $ref: '#/components/schemas/AccessItemAccessProfileResponse' - $ref: '#/components/schemas/AccessItemAccountResponse' - $ref: '#/components/schemas/AccessItemRoleResponse' - $ref: '#/components/schemas/AccessItemAppResponse' example: id: 8c190e6787aa4ed9a90bd9d5344523fb accessType: account nativeIdentity: 127999 sourceName: JDBC Entitlements Source entitlementCount: 0 displayName: Sample Name governanceEvent: $ref: '#/components/schemas/CorrelatedGovernanceEvent' example: name: Manager Certification for Jon Snow dateTime: '2019-03-08T22:37:33.901Z' type: certification governanceId: 2c91808a77ff216301782327a50f09bf owners: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow reviewers: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow decisionMaker: id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow accessItemType: type: string enum: - account - app - entitlement - role - accessProfile description: the access item type example: account AccessItemRemoved: type: object title: Access Item Removed required: - accessItem properties: accessItem: type: object anyOf: - $ref: '#/components/schemas/AccessItemEntitlementResponse' - $ref: '#/components/schemas/AccessItemAccessProfileResponse' - $ref: '#/components/schemas/AccessItemAccountResponse' - $ref: '#/components/schemas/AccessItemRoleResponse' - $ref: '#/components/schemas/AccessItemAppResponse' example: id: 8c190e6787aa4ed9a90bd9d5344523fb accessType: account nativeIdentity: 127999 sourceName: JDBC Entitlements Source entitlementCount: 0 displayName: Sample Name identityId: type: string description: the identity id example: 8c190e6787aa4ed9a90bd9d5344523fb eventType: type: string description: the event type example: AccessItemRemoved dateTime: type: string description: the date of event example: '2019-03-08T22:37:33.901Z' accessItemType: type: string enum: - account - app - entitlement - role - accessProfile description: the access item type example: account governanceEvent: $ref: '#/components/schemas/CorrelatedGovernanceEvent' example: name: Manager Certification for Jon Snow dt: '2019-03-08T22:37:33.901Z' type: certification governanceId: 2c91808a77ff216301782327a50f09bf owners: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow reviewers: - id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow decisionMaker: id: bc693f07e7b645539626c25954c58554 displayName: Jon Snow AttributeChange: type: object title: Attribute Change properties: name: type: string description: the attribute name example: firstname previousValue: type: string description: the old value of attribute example: adam newValue: type: string description: the new value of attribute example: zampa AttributesChanged: type: object title: Attributes Changed required: - attributeChanges properties: attributeChanges: type: array items: $ref: '#/components/schemas/AttributeChange' eventType: type: string description: the event type example: AttributesChanged identityId: type: string description: the identity id example: 8c190e6787aa4ed9a90bd9d5344523fb dateTime: type: string description: the date of event example: '2019-03-08T22:37:33.901Z' AccessRequested: type: object title: Access Requested required: - account - statusChange properties: eventType: type: string example: AccountStatusChanged description: the event type identityId: type: string description: the identity id example: 8a80828f643d484f01643e14202e206f dateTime: type: string description: the date of event example: '2019-03-08T22:37:33.901Z' account: type: object properties: id: type: string description: the ID of the account in the database example: 2c91808a77ff216301782327a50f09bf nativeIdentity: type: string description: the native identifier of the account example: dr.arden.ogahn.d displayName: type: string description: the display name of the account example: Adam Archer sourceId: type: string description: the ID of the source for this account example: 8a80828f643d484f01643e14202e206f sourceName: type: string description: the name of the source for this account example: JDBC Entitlements Source entitlementCount: type: integer description: the number of entitlements on this account format: int32 example: 2 accessType: type: string description: this value is always "account" example: account statusChange: type: object properties: previousStatus: type: string description: the previous status of the account enum: - enabled - disabled - locked example: enabled newStatus: type: string description: the new status of the account enum: - enabled - disabled - locked example: disabled AccountStatusChanged: type: object title: Account Status Changed required: - account - statusChange properties: eventType: type: string example: AccountStatusChanged description: the event type identityId: type: string description: the identity id example: 8a80828f643d484f01643e14202e206f dateTime: type: string description: the date of event example: '2019-03-08T22:37:33.901Z' account: type: object properties: id: type: string description: the ID of the account in the database example: 2c91808a77ff216301782327a50f09bf nativeIdentity: type: string description: the native identifier of the account example: dr.arden.ogahn.d displayName: type: string description: the display name of the account example: Adam Archer sourceId: type: string description: the ID of the source for this account example: 8a80828f643d484f01643e14202e206f sourceName: type: string description: the name of the source for this account example: JDBC Entitlements Source entitlementCount: type: integer format: int32 description: the number of entitlements on this account example: 2 accessType: type: string description: this value is always "account" example: account statusChange: type: object properties: previousStatus: type: string description: the previous status of the account enum: - enabled - disabled - locked example: enabled newStatus: type: string description: the new status of the account enum: - enabled - disabled - locked example: disabled IdentityCompareResponse: type: object title: Identity Compare Response properties: accessItemDiff: type: object description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. additionalProperties: type: object example: accessItemDiff: role: accessAdded: 2 accessRemoved: 3 entitlement: accessAdded: 4 accessRemoved: 0 accessProfile: accessAdded: 0 accessRemoved: 1 AccessItemDiff: type: object title: Access Item Diff properties: id: type: string description: the id of the access item eventType: type: string enum: - ADD - REMOVE displayName: type: string description: the display name of the access item sourceName: type: string description: the source name of the access item example: id: 2c91808c7726345b017726a0a2fb013b eventType: ADD displayName: Test sourceName: Source IdentitySyncPayload: type: object title: Identity Sync Payload properties: type: type: string description: Payload type. example: SYNCHRONIZE_IDENTITY_ATTRIBUTES dataJson: type: string description: Payload type. example: '{"identityId":"2c918083746f642c01746f990884012a"}' required: - type - dataJson IdentitySyncJob: type: object title: Identity Sync Job properties: id: type: string description: Job ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde status: type: string description: The job status. enum: - QUEUED - IN_PROGRESS - SUCCESS - ERROR example: IN_PROGRESS payload: description: Job payload. $ref: '#/components/schemas/IdentitySyncPayload' example: type: SYNCHRONIZE_IDENTITY_ATTRIBUTES dataJson: '{"identityId":"2c918083746f642c01746f990884012a"}' required: - id - status - payload InviteIdentitiesRequest: type: object title: Invite Identities Request properties: ids: description: The list of Identities IDs to invite - required when 'uninvited' is false type: array items: type: string nullable: true example: - 2b568c65bc3c4c57a43bd97e3a8e55 - 2c9180867769897d01776ed5f125512f uninvited: description: indicator (optional) to invite all unregistered identities in the system within a limit 1000. This parameter makes sense only when 'ids' is empty. type: boolean default: false example: false Target: type: object title: Target nullable: true properties: id: description: Target ID type: string example: c6dc37bf508149b28ce5b7d90ca4bbf9 type: description: Target type type: string nullable: true enum: - APPLICATION - IDENTITY - null example: APPLICATION name: description: Target name type: string example: Active Directory [source] LocalizedMessage: type: object title: Localized Message nullable: true description: Localized error message to indicate a failed invocation or error if any. required: - locale - message properties: locale: description: Message locale type: string example: An error has occurred! message: description: Message text type: string example: Error has occurred! TaskStatusMessage: description: TaskStatus Message required: - key - localizedText - type - parameters type: object title: Task Status Message properties: type: description: Type of the message type: string enum: - INFO - WARN - ERROR example: INFO localizedText: description: Localized form of the message $ref: '#/components/schemas/LocalizedMessage' key: description: Key of the message type: string example: akey parameters: description: Message parameters for internationalization nullable: true type: array items: anyOf: - type: object - type: string example: - name: value TaskReturnDetails: description: Task return details required: - name - attributeName type: object title: Task Return Details properties: name: description: Display name of the TaskReturnDetails type: string example: label attributeName: description: Attribute the TaskReturnDetails is for type: string example: identityCount TaskDefinitionSummary: description: Definition of a type of task, used to invoke tasks required: - arguments - description - executor - id - uniqueName - parentName type: object title: Task Definition Summary properties: id: description: System-generated unique ID of the TaskDefinition type: string example: 2c91808475b4334b0175e1dff64b63c5 uniqueName: description: Name of the TaskDefinition type: string example: Cloud Account Aggregation description: nullable: true description: Description of the TaskDefinition type: string example: Aggregates from the specified application. parentName: description: Name of the parent of the TaskDefinition type: string example: Cloud Account Aggregation executor: description: Executor of the TaskDefinition nullable: true type: string example: sailpoint.task.ServiceTaskExecutor arguments: description: Formal parameters of the TaskDefinition, without values type: object additionalProperties: true example: mantisExecutor: com.sailpoint.mantis.sources.task.AccountAggregationTask eventClassesCsv: sailpoint.thunderbolt.events.AggregationEvents serviceClass: sailpoint.thunderbolt.service.AggregationService serviceMethod: accountAggregationTask TaskStatus: description: Details and current status of a specific task required: - id - type - uniqueName - description - parentName - attributes - created - modified - launched - launcher - completed - completionStatus - messages - progress - percentComplete - returns type: object title: Task Status properties: id: description: System-generated unique ID of the task this TaskStatus represents type: string example: id12345 type: description: Type of task this TaskStatus represents type: string enum: - QUARTZ - QPOC - QUEUED_TASK example: QUARTZ uniqueName: description: Name of the task this TaskStatus represents type: string example: Big Task description: description: Description of the task this TaskStatus represents type: string example: A Really Big Task parentName: description: Name of the parent of the task this TaskStatus represents nullable: true type: string example: Parent Task launcher: description: Service to execute the task this TaskStatus represents type: string example: sweep target: $ref: '#/components/schemas/Target' created: description: Creation date of the task this TaskStatus represents type: string format: date-time example: '2020-07-11T21:23:15.000Z' modified: description: Last modification date of the task this TaskStatus represents type: string format: date-time example: '2020-07-11T21:23:15.000Z' launched: description: Launch date of the task this TaskStatus represents nullable: true type: string format: date-time example: '2020-07-11T21:23:15.000Z' completed: description: Completion date of the task this TaskStatus represents nullable: true type: string format: date-time example: '2020-07-11T21:23:15.000Z' completionStatus: description: Completion status of the task this TaskStatus represents type: string nullable: true enum: - SUCCESS - WARNING - ERROR - TERMINATED - TEMPERROR - null example: SUCCESS messages: description: Messages associated with the task this TaskStatus represents type: array items: $ref: '#/components/schemas/TaskStatusMessage' returns: description: Return values from the task this TaskStatus represents type: array items: $ref: '#/components/schemas/TaskReturnDetails' attributes: description: Attributes of the task this TaskStatus represents type: object additionalProperties: true example: identityCount: 0 progress: description: Current progress of the task this TaskStatus represents nullable: true type: string example: Started percentComplete: description: Current percentage completion of the task this TaskStatus represents type: integer example: 100 taskDefinitionSummary: $ref: '#/components/schemas/TaskDefinitionSummary' SendAccountVerificationRequest: type: object title: Send Account Verification Request properties: sourceName: description: The source name where identity account password should be reset type: string nullable: true example: Active Directory Source via: description: The method to send notification type: string enum: - EMAIL_WORK - EMAIL_PERSONAL - LINK_WORK - LINK_PERSONAL example: EMAIL_WORK required: - via ProcessIdentitiesRequest: type: object title: Process Identities Request properties: identityIds: type: array minItems: 1 maxItems: 250 description: List of up to 250 identity IDs to process. items: type: string example: ef38f94347e94562b5bb8424a56397d8 TaskResultResponse: type: object title: Task Result Response properties: type: type: string description: the type of response reference example: TASK_RESULT id: type: string description: the task ID example: 78733556-9ea3-4f59-bf69-e5cd92b011b4 name: type: string description: the task name (not used in this endpoint, always null) example: 'null' Source-2: type: object properties: type: type: string description: Attribute mapping type. example: rule properties: type: object description: Attribute mapping properties. example: ruleType: IdentityAttribute ruleName: Cloud Promote Identity Attribute IdentityAttribute-2: type: object required: - name properties: name: type: string description: Identity attribute's technical name. example: costCenter displayName: type: string description: Identity attribute's business-friendly name. example: Cost Center standard: type: boolean description: Indicates whether the attribute is 'standard' or 'default'. default: false example: false type: type: string description: Identity attribute's type. nullable: true example: string multi: type: boolean description: Indicates whether the identity attribute is multi-valued. default: false example: false searchable: type: boolean description: Indicates whether the identity attribute is searchable. default: false example: false system: type: boolean description: Indicates whether the identity attribute is 'system', meaning that it doesn't have a source and isn't configurable. default: false example: false sources: description: Identity attribute's list of sources - this specifies how the rule's value is derived. type: array items: $ref: '#/components/schemas/Source-2' IdentityAttributeNames: type: object description: Identity attribute IDs. properties: ids: description: List of identity attributes' technical names. type: array items: type: string example: name example: - name - displayName Launcher: type: object title: Launcher required: - id - created - modified - owner - name - description - disabled - type - config properties: id: type: string description: ID of the Launcher example: 1b630bed-0941-4792-a712-57a5868ca34d format: uuid created: type: string description: Date the Launcher was created example: '2024-04-16T20:07:30.601016489Z' format: date-time modified: type: string description: Date the Launcher was last modified example: '2024-04-17T18:02:07.320143194Z' format: date-time owner: type: object description: Owner of the Launcher required: - type - id properties: type: type: string description: Owner type example: IDENTITY id: type: string description: Owner ID example: 123180847373330f0173c7e1756b6890 name: type: string description: Name of the Launcher, limited to 255 characters example: Group Create description: type: string description: Description of the Launcher, limited to 2000 characters example: Create a new Active Directory Group type: type: string description: Launcher type example: INTERACTIVE_PROCESS enum: - INTERACTIVE_PROCESS disabled: type: boolean description: State of the Launcher example: false reference: type: object properties: type: type: string description: Type of Launcher reference example: WORKFLOW enum: - WORKFLOW id: type: string description: ID of Launcher reference example: 2fd6ff94-2081-4d29-acbc-83a0a2f744a5 config: type: string description: | JSON configuration associated with this Launcher, restricted to a max size of 4KB example: '{"workflowId" : "6b42d9be-61b6-46af-827e-ea29ba8aa3d9"}' pattern: ^\{\}$ LauncherRequest: type: object title: Launcher Request required: - name - description - type - disabled - config properties: name: type: string description: Name of the Launcher, limited to 255 characters example: Group Create description: type: string description: Description of the Launcher, limited to 2000 characters example: Create a new Active Directory Group type: type: string description: Launcher type example: INTERACTIVE_PROCESS enum: - INTERACTIVE_PROCESS disabled: type: boolean description: State of the Launcher example: false reference: type: object required: - id - type properties: type: type: string description: Type of Launcher reference example: WORKFLOW enum: - WORKFLOW id: type: string description: ID of Launcher reference example: 2fd6ff94-2081-4d29-acbc-83a0a2f744a5 config: type: string description: | JSON configuration associated with this Launcher, restricted to a max size of 4KB example: '{"workflowId" : "6b42d9be-61b6-46af-827e-ea29ba8aa3d9"}' pattern: ^\{\}$ MailFromAttributesDto: type: object title: Mail From Attributes Dto properties: identity: type: string example: BobSmith@sailpoint.com description: The identity or domain address mailFromDomain: type: string example: example.sailpoint.com description: The new MAIL FROM domain of the identity. Must be a subdomain of the identity. description: MAIL FROM attributes for a domain / identity MailFromAttributes: type: object title: Mail From Attributes properties: identity: type: string example: bob.smith@sailpoint.com description: The email identity mailFromDomain: type: string example: foo.sailpoint.com description: The name of a domain that an email identity uses as a custom MAIL FROM domain mxRecord: type: string example: 10 feedback-smtp.us-east-1.amazonses.com description: MX record that is required in customer's DNS to allow the domain to receive bounce and complaint notifications that email providers send you txtRecord: type: string example: v=spf1 include:amazonses.com ~all description: TXT record that is required in customer's DNS in order to prove that Amazon SES is authorized to send email from your domain mailFromDomainStatus: type: string enum: - PENDING - SUCCESS - FAILED example: PENDING description: The current status of the MAIL FROM verification description: MAIL FROM attributes for a domain / identity ApprovalIdentity: type: object title: Approval Identity properties: id: type: string example: 85d173e7d57e496569df763231d6deb6a description: The identity ID type: type: string enum: - IDENTITY example: IDENTITY description: Indication of what group the identity belongs to. Ie, IDENTITY, GOVERNANCE_GROUP, etc name: type: string example: John Doe description: Name of the identity description: Identity Object ApprovalName: type: object title: Approval Name properties: value: type: string example: Audit DB Access description: Name of the approval locale: type: string example: en_US description: What locale the name of the approval is using description: Approval Name Object ApprovalBatch: type: object title: Approval Batch properties: batchId: type: string example: 38453251-6be2-5f8f-df93-5ce19e295837 description: ID of the batch batchSize: type: integer format: int64 example: 100 description: How many approvals are going to be in this batch. Defaults to 1 if not provided. description: Batch properties if an approval is sent via batching. ApprovalDescription: type: object title: Approval Description properties: value: type: string example: This access allows viewing and editing of workflow resource description: The description of what the approval is asking for locale: type: string example: en_US description: What locale the description of the approval is using description: The description of what the approval is asking for ApprovalComment-3: type: object title: Approval Comment properties: author: $ref: '#/components/schemas/ApprovalIdentity' comment: type: string example: Looks good description: Comment to be left on an approval createdDate: type: string example: '2023-04-12T23:20:50.52Z' description: Date the comment was created description: Comments Object ApprovalReference: type: object title: Approval Reference properties: id: type: string example: 64012350-8fd9-4f6c-a170-1fe123683899 description: Id of the reference object type: type: string example: AccessRequestId description: What reference object does this ID correspond to description: Reference objects related to the approval Approval-2: type: object title: Approval properties: approvalId: type: string example: 38453251-6be2-5f8f-df93-5ce19e295837 description: The Approval ID approvers: type: array items: $ref: '#/components/schemas/ApprovalIdentity' description: Object representation of an approver of an approval createdDate: type: string example: '2023-04-12T23:20:50.52Z' description: Date the approval was created type: type: string example: ENTITLEMENT_DESCRIPTIONS description: Type of approval name: type: array items: $ref: '#/components/schemas/ApprovalName' description: The name of the approval for a given locale batchRequest: type: object description: The name of the approval for a given locale $ref: '#/components/schemas/ApprovalBatch' example: batchId: 38453251-6be2-5f8f-df93-5ce19e295837 batchSize: 100 description: type: array items: $ref: '#/components/schemas/ApprovalDescription' description: The description of the approval for a given locale priority: type: string enum: - HIGH - MEDIUM - LOW example: HIGH description: The priority of the approval requester: type: object description: Object representation of the requester of the approval $ref: '#/components/schemas/ApprovalIdentity' example: id: 85d173e7d57e496569df763231d6deb6a type: IDENTITY name: John Doe comments: type: array items: $ref: '#/components/schemas/ApprovalComment-3' description: Object representation of a comment on the approval approvedBy: type: array items: $ref: '#/components/schemas/ApprovalIdentity' description: Array of approvers who have approved the approval rejectedBy: type: array items: $ref: '#/components/schemas/ApprovalIdentity' description: Array of approvers who have rejected the approval completedDate: type: string example: '2023-04-12T23:20:50.52Z' description: Date the approval was completed approvalCriteria: type: string enum: - SINGLE - DOUBLE - TRIPLE - QUARTER - HALF - ALL example: SINGLE description: Criteria that needs to be met for an approval to be marked as approved status: type: string enum: - PENDING - APPROVED - REJECTED example: PENDING description: The current status of the approval additionalAttributes: type: string example: '{ "llm_description": "generated description" }' description: Json string representing additional attributes known about the object to be approved. referenceData: type: array items: $ref: '#/components/schemas/ApprovalReference' description: Reference data related to the approval description: Approval Object MachineAccount: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object required: - nativeIdentity - classificationMethod - connectorAttributes - manuallyEdited - locked - enabled - hasEntitlements - source properties: description: type: string description: A description of the machine account nullable: true example: Service account for Active Directory nativeIdentity: type: string description: The unique ID of the machine account generated by the source system example: '552775' uuid: type: string description: The unique ID of the account as determined by the account schema example: '{b0dce506-d6d4-44d2-8a32-d9a5b21fb175}' nullable: true classificationMethod: description: Classification Method type: string enum: - SOURCE - CRITERIA - DISCOVERY - MANUAL example: SOURCE machineIdentity: description: The machine identity this account is associated with example: id: 1540e5a4-6c2e-4bf1-b88e-c08cae0696e9 type: MACHINE_IDENTITY name: SVC_ADService ownerIdentity: description: The identity who owns this account. nullable: true example: id: 2c918084660f45d6016617daa9210584 type: IDENTITY name: Adam Kennedy accessType: type: string example: direct description: The connection type of the source this account is from subtype: type: string nullable: true example: null description: The sub-type environment: type: string nullable: true example: TEST description: Environment attributes: type: object nullable: true additionalProperties: true description: Custom attributes specific to the machine account example: firstName: SailPoint lastName: Support displayName: SailPoint Support connectorAttributes: type: object nullable: true additionalProperties: true description: The connector attributes for the account example: mail: machine-178@sailpoint.com givenName: Support displayName: SailPoint Support manuallyCorrelated: type: boolean description: Indicates if the account has been manually correlated to an identity default: false example: true manuallyEdited: type: boolean description: Indicates if the account has been manually edited default: false example: true locked: type: boolean description: Indicates if the account is currently locked example: false enabled: type: boolean description: Indicates if the account is enabled default: false example: false hasEntitlements: type: boolean description: Indicates if the account has entitlements default: true example: false source: description: The source this machine account belongs to. example: id: 8d3e0094e99445de98eef6c75e25jc04 type: SOURCE name: Active Directory MachineClassificationCriteriaOperation: type: string enum: - EQUALS - NOT_EQUALS - STARTS_WITH - ENDS_WITH - CONTAINS - AND - OR description: An operation to perform on the classification criteria example: EQUALS MachineClassificationCriteriaLevel3: type: object properties: operation: $ref: '#/components/schemas/MachineClassificationCriteriaOperation' caseSensitive: type: boolean description: Indicates whether or not case matters when evaluating the criteria example: false default: false dataType: type: string description: The data type of the attribute being evaluated nullable: true example: null attribute: type: string description: The attribute to evaluate in the classification criteria nullable: true example: sAMAccountName value: type: string description: The value to compare against the attribute in the classification criteria nullable: true example: SVC children: type: array description: An array of child classification criteria objects nullable: true example: null MachineClassificationCriteriaLevel2: type: object properties: operation: $ref: '#/components/schemas/MachineClassificationCriteriaOperation' caseSensitive: type: boolean description: Indicates whether case matters when evaluating the criteria example: false default: false dataType: type: string description: The data type of the attribute being evaluated nullable: true example: null attribute: type: string description: The attribute to evaluate in the classification criteria nullable: true example: employeeType value: type: string description: The value to compare against the attribute in the classification criteria nullable: true example: SERVICE children: type: array items: $ref: '#/components/schemas/MachineClassificationCriteriaLevel3' description: An array of child classification criteria objects nullable: true example: null MachineClassificationCriteriaLevel1: type: object properties: operation: $ref: '#/components/schemas/MachineClassificationCriteriaOperation' caseSensitive: type: boolean description: Indicates whether case matters when evaluating the criteria example: false default: false dataType: type: string description: The data type of the attribute being evaluated nullable: true example: null attribute: type: string description: The attribute to evaluate in the classification criteria nullable: true example: distinguishedName value: type: string description: The value to compare against the attribute in the classification criteria nullable: true example: OU=Service Accounts children: type: array items: $ref: '#/components/schemas/MachineClassificationCriteriaLevel2' description: An array of child classification criteria objects nullable: true example: null MachineClassificationConfig: allOf: - type: object properties: enabled: type: boolean default: false description: Indicates whether Classification is enabled for a Source example: true classificationMethod: description: Classification Method type: string enum: - SOURCE - CRITERIA example: SOURCE criteria: $ref: '#/components/schemas/MachineClassificationCriteriaLevel1' created: type: string format: date-time example: '2017-07-11T18:45:37.098Z' description: Date the config was created modified: type: string format: date-time example: '2018-06-25T20:22:28.104Z' description: Date the config was last updated nullable: true AttributeMappings: allOf: - type: object properties: target: description: Targeted Entity type: object properties: type: description: The type of target entity type: string enum: - IDENTITY example: IDENTITY attributeName: type: string description: Name of the targeted attribute example: businessApplication sourceId: type: string example: 2c9180835d2e5168015d32f890ca1581 description: The ID of Source transformDefinition: type: object properties: type: description: The type of transform type: string example: reference attributes: type: object description: attributes object properties: input: description: Input Object type: object properties: type: description: The Type of Attribute type: string example: accountAttribute attributes: description: Attibute Mapping Object type: object properties: attributeName: description: The name of attribute type: string example: givenName sourceName: type: string description: Name of the Source example: delimited-src name: type: string description: ID of the Source example: 8d3e0094e99445de98eef6c75e25jc04 id: type: string description: Transform Operation example: ToUpper MachineIdentity: allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object title: MachineIdentityDto required: - businessApplication properties: businessApplication: type: string description: The business application that the identity represents example: ADService description: type: string description: Description of machine identity example: '' manuallyEdited: type: boolean description: Indicates if the machine identity has been manually edited default: false example: true attributes: type: object description: A map of custom machine identity attributes example: '{"Region":"EU"}' TemplateSlack: type: object title: Template Slack nullable: true properties: key: type: string nullable: true text: type: string blocks: type: string nullable: true attachments: type: string notificationType: type: string nullable: true approvalId: type: string nullable: true requestId: type: string nullable: true requestedById: type: string nullable: true isSubscription: type: boolean nullable: true autoApprovalData: type: object nullable: true properties: isAutoApproved: type: string nullable: true itemId: type: string nullable: true itemType: type: string nullable: true autoApprovalMessageJSON: type: string nullable: true autoApprovalTitle: type: string nullable: true customFields: type: object nullable: true properties: requestType: type: string nullable: true containsDeny: type: string nullable: true campaignId: type: string nullable: true campaignStatus: type: string nullable: true TemplateTeams: type: object title: Template Teams nullable: true properties: key: type: string nullable: true title: type: string nullable: true text: type: string messageJSON: type: string nullable: true isSubscription: type: boolean nullable: true approvalId: type: string nullable: true requestId: type: string nullable: true requestedById: type: string nullable: true notificationType: type: string nullable: true autoApprovalData: type: object nullable: true properties: isAutoApproved: type: string nullable: true itemId: type: string nullable: true itemType: type: string nullable: true autoApprovalMessageJSON: type: string nullable: true autoApprovalTitle: type: string nullable: true customFields: type: object nullable: true properties: requestType: type: string nullable: true containsDeny: type: string nullable: true campaignId: type: string nullable: true campaignStatus: type: string nullable: true TemplateDtoDefault: type: object title: Template Dto Default properties: key: type: string example: cloud_manual_work_item_summary description: The key of the default template name: type: string example: Task Manager Subscription description: The name of the default template medium: type: string description: The message medium. More mediums may be added in the future. enum: - EMAIL - PHONE - SMS - SLACK - TEAMS example: EMAIL locale: type: string description: The locale for the message text, a BCP 47 language tag. example: en subject: type: string example: You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}. description: The subject of the default template nullable: true header: type: string nullable: true example: null deprecated: true description: The header value is now located within the body field. If included with non-null values, will result in a 400. body: type: string example: Please go to the task manager description: The body of the default template footer: type: string nullable: true example: null deprecated: true description: The footer value is now located within the body field. If included with non-null values, will result in a 400. from: type: string example: $__global.emailFromAddress description: The "From:" address of the default template nullable: true replyTo: type: string example: $__global.emailFromAddress description: The "Reply To" field of the default template nullable: true description: type: string example: Daily digest - sent if number of outstanding tasks for task owner > 0 description: The description of the default template nullable: true slackTemplate: $ref: '#/components/schemas/TemplateSlack' teamsTemplate: $ref: '#/components/schemas/TemplateTeams' TemplateDto: type: object title: Template Dto properties: key: type: string example: cloud_manual_work_item_summary description: The key of the template name: type: string example: Task Manager Subscription description: The name of the Task Manager Subscription medium: type: string description: The message medium. More mediums may be added in the future. enum: - EMAIL - PHONE - SMS - SLACK - TEAMS example: EMAIL locale: type: string description: The locale for the message text, a BCP 47 language tag. example: en subject: type: string example: You have $numberOfPendingTasks $taskTasks to complete in ${__global.productName}. description: The subject line in the template header: type: string nullable: true example: null deprecated: true description: The header value is now located within the body field. If included with non-null values, will result in a 400. body: type: string example: Please go to the task manager description: The body in the template footer: type: string nullable: true example: null deprecated: true description: The footer value is now located within the body field. If included with non-null values, will result in a 400. from: type: string example: $__global.emailFromAddress description: The "From:" address in the template replyTo: type: string example: $__global.emailFromAddress description: The "Reply To" line in the template description: type: string example: Daily digest - sent if number of outstanding tasks for task owner > 0 description: The description in the template id: type: string example: c17bea3a-574d-453c-9e04-4365fbf5af0b description: This is auto-generated. created: type: string format: date-time description: The time when this template is created. This is auto-generated. example: '2020-01-01T00:00:00.000000Z' modified: type: string format: date-time description: The time when this template was last modified. This is auto-generated. example: '2020-01-01T00:00:00.000000Z' slackTemplate: type: string nullable: true teamsTemplate: type: string nullable: true required: - key - medium - locale TemplateBulkDeleteDto: type: object title: Template Bulk Delete Dto properties: key: type: string example: cloud_manual_work_item_summary medium: type: string enum: - EMAIL - PHONE - SMS example: EMAIL locale: type: string description: The locale for the message text, a BCP 47 language tag. example: en required: - key ReportConfigDTO: type: object title: Report Config DTO properties: columnName: type: string description: Name of column in report example: SOD Business Name required: type: boolean description: If true, column is required in all reports, and this entry is immutable. A 400 error will result from any attempt to modify the column's definition. example: true default: false included: type: boolean description: If true, column is included in the report. A 400 error will be thrown if an attempt is made to set included=false if required==true. example: false default: false order: type: integer format: int32 minimum: 0 maximum: 2147483647 description: Relative sort order for the column. Columns will be displayed left-to-right in nondecreasing order. example: 2 OrgConfig: type: object title: Org Config description: DTO class for OrgConfig data accessible by customer external org admin ("ORG_ADMIN") users properties: orgName: type: string description: The name of the org. example: acme-solar timeZone: type: string description: The selected time zone which is to be used for the org. This directly affects when scheduled tasks are executed. Valid options can be found at /beta/org-config/valid-time-zones example: America/Toronto lcsChangeHonorsSourceEnableFeature: type: boolean description: Flag to determine whether the LCS_CHANGE_HONORS_SOURCE_ENABLE_FEATURE flag is enabled for the current org. example: false armCustomerId: type: string description: ARM Customer ID nullable: true example: DE38E75A-5FF6-4A65-5DC7-08D64426B09E armSapSystemIdMappings: type: string description: A list of IDN::sourceId to ARM::systemId mappings. nullable: true example: - sourceId: 2c91808c791a94e501792388b0d62659 systemId: '1556' - sourceId: 2_2c91808c791a94e501792388b0d62659 systemId: '2_1556' - sourceId: 3_2c91808c791a94e501792388b0d62659 systemId: '3_1556' armAuth: type: string description: ARM authentication string nullable: true example: epiYNTRYA2S7swisDWk1Zv4VMNgvqEjiBh5_ufuCWsma2m-5XADijqBg0ijXLby5nS6lxZNXabhGnAPGeDGc4V3jQKrhwV-UHypRLs8ZLgOjiQNus9NimS0uPdKomRW6TFWqXyfnYd-znNgbbVuwUy9GyD9ebDVJSntPastxSx7UcyGuWBqfNZYpuxKRWe_7TVY60qL55jUqyz8N4XUbbdcxdbZ0uik6ut-Bv90MKTbZexBW_PR4qcgIkaEs4kIenLyBxnGziYo7AO0tJ8bGHO8FJRkibCpAQIt7PISLo7Gg_Xf9j10dKq2YDgy4pPTvz3fE2ZHYnXCXvXFSA-vVag== armDb: type: string description: ARM database name nullable: true example: EU armSsoUrl: type: string description: ARM SSO URL nullable: true example: https://your-arm-sso-url iaiEnableCertificationRecommendations: type: boolean description: Flag to determine whether IAI Certification Recommendations are enabled for the current org example: true sodReportConfigs: type: array items: $ref: '#/components/schemas/ReportConfigDTO' OutlierSummary: type: object title: Outlier Summary properties: type: type: string enum: - LOW_SIMILARITY - STRUCTURAL description: The type of outlier summary example: LOW_SIMILARITY snapshotDate: type: string format: date-time description: The date the bulk outlier detection ran/snapshot was created example: '2021-05-01T18:40:35.772Z' totalOutliers: type: integer description: Total number of outliers for the customer making the request example: 50 totalIdentities: type: integer description: Total number of identities for the customer making the request example: 5000 totalIgnored: type: integer default: 0 example: 0 LatestOutlierSummary: type: object title: Latest Outlier Summary properties: type: type: string enum: - LOW_SIMILARITY - STRUCTURAL description: The type of outlier summary example: LOW_SIMILARITY snapshotDate: type: string format: date-time description: The date the bulk outlier detection ran/snapshot was created example: '2021-05-01T18:40:35.772Z' totalOutliers: type: integer description: Total number of outliers for the customer making the request example: 50 totalIdentities: type: integer description: Total number of identities for the customer making the request example: 5000 totalIgnored: type: integer description: Total number of ignored outliers example: 10 Outlier: type: object title: Outlier properties: id: type: string description: The identity's unique identifier for the outlier record example: 5be33d3e-c54d-4ed7-af73-2380543e8283 identityId: type: string description: The ID of the identity that is detected as an outlier example: 5be33d3e-c54d-4ed7-af73-2380543e8283 type: type: string enum: - LOW_SIMILARITY - STRUCTURAL description: The type of outlier summary example: LOW_SIMILARITY firstDetectionDate: type: string format: date-time description: The first date the outlier was detected example: '2021-05-01T18:40:35.772Z' latestDetectionDate: type: string format: date-time description: The most recent date the outlier was detected example: '2021-05-03T18:40:35.772Z' ignored: type: boolean description: Flag whether or not the outlier has been ignored example: false attributes: type: object description: Object containing mapped identity attributes example: displayName: John Smith jobTitle: Software Engineer department: Engineering score: type: number format: float description: The outlier score determined by the detection engine ranging from 0..1 example: 0.92 unignoreType: type: string enum: - MANUAL - AUTOMATIC - null description: Enum value of if the outlier manually or automatically un-ignored. Will be NULL if outlier is not ignored example: MANUAL nullable: true unignoreDate: type: string format: date-time description: shows date when last time has been unignored outlier example: '2021-06-01T18:40:35.772Z' nullable: true ignoreDate: type: string format: date-time description: shows date when last time has been ignored outlier example: '2021-06-01T18:40:35.772Z' nullable: true OutlierValueType: type: object description: The data type of the value field properties: name: type: string enum: - INTEGER - FLOAT description: The data type of the value field example: INTEGER ordinal: description: The position of the value type type: integer format: int32 minimum: 0 maximum: 1 example: 0 OutlierFeatureTranslation: type: object title: Outlier Feature Translation nullable: true properties: displayName: $ref: '#/components/schemas/TranslationMessage' description: $ref: '#/components/schemas/TranslationMessage' OutlierContributingFeature: type: object title: Outlier Contributing Feature properties: id: type: string description: Contributing feature id example: 66e38828-5017-47af-92ff-9844871352c5 name: type: string description: The name of the feature example: entitlement_count valueType: $ref: '#/components/schemas/OutlierValueType' value: type: number format: float minimum: 0 description: The feature value example: 1 importance: type: number format: float description: The importance of the feature. This can also be a negative value example: -0.15 displayName: type: string description: The (translated if header is passed) displayName for the feature example: Number of entitlements description: type: string description: The (translated if header is passed) description for the feature example: The total number of entitlements belonging to an identity translationMessages: $ref: '#/components/schemas/OutlierFeatureTranslation' OutliersContributingFeatureAccessItems: type: object title: Outliers Contributing Feature Access Items properties: id: type: string description: The ID of the access item example: 2c938083633d259901633d2623ec0375 displayName: type: string description: the display name of the access item example: Applied Research Access description: type: string description: Description of the access item. nullable: true example: Access to research information, lab results, and schematics accessType: type: string example: ENTITLEMENT description: The type of the access item. enum: - ENTITLEMENT - ACCESS_PROFILE - ROLE sourceName: type: string example: appName description: the associated source name if it exists extremelyRare: type: boolean default: false example: true description: rarest access OutlierFeatureSummary: type: object title: Outlier Feature Summary properties: contributingFeatureName: type: string description: Contributing feature name example: Rare Access identityOutlierDisplayName: type: string description: Identity display name example: John Smith outlierFeatureDisplayValues: type: array items: type: object properties: displayName: type: string example: Aliza Chris description: display name value: type: string example: 55 description: value valueType: $ref: '#/components/schemas/OutlierValueType' featureDefinition: type: string description: Definition of the feature example: Identity total number of entitlements featureExplanation: type: string description: Detailed explanation of the feature example: An identity that has too much rare access has a higher change of becoming a security threat due to the unique access they possess peerDisplayName: type: string nullable: true description: outlier's peer identity display name example: Mary Jane peerIdentityId: type: string nullable: true description: outlier's peer identity id example: 9f9d5d53ad0e48fba7352f6da9f1b8gbg accessItemReference: type: object description: Access Item reference example: displayName: All Rare Entitlements searchPlaceholder: Search by name or description PeerGroupMember: type: object title: Peer Group Member properties: id: type: string description: A unique identifier for the peer group member. type: type: string description: The type of the peer group member. peer_group_id: type: string description: The ID of the peer group. attributes: type: object additionalProperties: type: object description: Arbitrary key-value pairs, belonging to the peer group member. NotificationTemplateContext: type: object title: Notification Template Context properties: attributes: type: object additionalProperties: true description: A JSON object that stores the context. example: productUrl: https://test-org.identitysoon.com brandingConfigs: default: narrowLogoURL: null productName: SailPoint standardLogoURL: null navigationColor: '011E64' actionButtonColor: 20B2DE emailFromAddress: null activeLinkColor: 20B2DE loginInformationalMessage: null created: type: string description: When the global context was created format: date-time example: '2020-04-15T16:16:47.525Z' modified: type: string description: When the global context was last modified format: date-time example: '2020-04-15T16:16:47.525Z' Medium: type: string enum: - EMAIL - SMS - PHONE - SLACK - TEAMS PreferencesDto: type: object title: Preferences Dto description: Maps an Identity's attribute key to a list of preferred notification mediums. properties: key: type: string description: The template notification key. example: cloud_manual_work_item_summary mediums: type: array description: List of preferred notification mediums, i.e., the mediums (or method) for which notifications are enabled. More mediums may be added in the future. items: $ref: '#/components/schemas/Medium' example: - EMAIL modified: type: string description: Modified date of preference format: date-time example: '2020-05-15T14:37:06.909Z' ConfigTypeEnumCamel: type: string description: Enum list of valid work types that can be selected for a Reassignment Configuration enum: - accessRequests - certifications - manualTasks example: accessRequests ConfigTypeEnum: type: string description: Enum list of valid work types that can be selected for a Reassignment Configuration enum: - ACCESS_REQUESTS - CERTIFICATIONS - MANUAL_TASKS example: ACCESS_REQUESTS ConfigType: type: object description: Type of Reassignment Configuration. properties: priority: type: integer example: 1 internalName: $ref: '#/components/schemas/ConfigTypeEnumCamel' internalNameCamel: $ref: '#/components/schemas/ConfigTypeEnum' displayName: type: string description: Human readable display name of the type to be shown on UI example: Access Requests description: type: string description: Description of the type of work to be reassigned, displayed by the UI. example: Reassign Access Request Work Items for an identity Identity-2: type: object description: The definition of an Identity according to the Reassignment Configuration service properties: id: type: string description: The ID of the object example: 2c91808380aa05580180aaaaf1940410 name: type: string description: Human-readable display name of the object example: William Wilson AuditDetails: type: object description: Audit details for the reassignment configuration of an identity properties: created: type: string description: Initial date and time when the record was created format: date-time example: '2022-07-21T11:13:12.345Z' createdBy: $ref: '#/components/schemas/Identity-2' modified: type: string description: Last modified date and time for the record format: date-time example: '2022-07-21T11:13:12.345Z' modifiedBy: $ref: '#/components/schemas/Identity-2' ConfigurationDetailsResponse: type: object description: The request body of Reassignment Configuration Details for a specific identity and config type properties: configType: $ref: '#/components/schemas/ConfigTypeEnum' targetIdentity: $ref: '#/components/schemas/Identity-2' startDate: type: string description: The date from which to start reassigning work items format: date-time example: '2022-07-21T11:13:12.345Z' endDate: type: string description: The date from which to stop reassigning work items. If this is an empty string it indicates a permanent reassignment. format: date-time example: '0001-01-01T00:00:00Z' auditDetails: $ref: '#/components/schemas/AuditDetails' ConfigurationResponse: type: object description: The response body of a Reassignment Configuration for a single identity properties: identity: $ref: '#/components/schemas/Identity-2' configDetails: type: array description: Details of how work should be reassigned for an Identity items: $ref: '#/components/schemas/ConfigurationDetailsResponse' ConfigurationItemRequest: type: object description: The request body for creation or update of a Reassignment Configuration for a single identity and work type properties: reassignedFromId: type: string description: The identity id to reassign an item from example: 2c91808781a71ddb0181b9090b5c504e reassignedToId: type: string description: The identity id to reassign an item to example: 2c91808781a71ddb0181b9090b53504a configType: $ref: '#/components/schemas/ConfigTypeEnum' startDate: type: string description: The date from which to start reassigning work items format: date-time example: '2022-07-21T11:13:12.345Z' endDate: type: string description: The date from which to stop reassigning work items. If this is an null string it indicates a permanent reassignment. format: date-time nullable: true example: '2022-07-30T17:00:00.000Z' ConfigurationItemResponse: type: object description: The response body of a Reassignment Configuration for a single identity properties: identity: $ref: '#/components/schemas/Identity-2' configDetails: type: array description: Details of how work should be reassigned for an Identity items: $ref: '#/components/schemas/ConfigurationDetailsResponse' ReassignmentTypeEnum: type: string description: Enum list containing types of Reassignment that can be found in the evaluate response. enum: - MANUAL_REASSIGNMENT, - AUTOMATIC_REASSIGNMENT, - AUTO_ESCALATION, - SELF_REVIEW_DELEGATION example: AUTOMATIC_REASSIGNMENT LookupStep: type: object description: The definition of an Identity according to the Reassignment Configuration service properties: reassignedToId: type: string description: The ID of the Identity who work is reassigned to example: 869320b6b6f34a169b6178b1a865e66f reassignedFromId: type: string description: The ID of the Identity who work is reassigned from example: 51948a8f306a4e7a9a6f8f5d032fa59e reassignmentType: description: Reassignment type $ref: '#/components/schemas/ReassignmentTypeEnum' EvaluateResponse: type: object description: The response body for Evaluate Reassignment Configuration properties: reassignToId: type: string description: The Identity ID which should be the recipient of any work items sent to a specific identity & work type example: 869320b6b6f34a169b6178b1a865e66f lookupTrail: type: array description: List of Reassignments found by looking up the next `TargetIdentity` in a ReassignmentConfiguration items: $ref: '#/components/schemas/LookupStep' TenantConfigurationDetails: type: object description: Details of any tenant-wide Reassignment Configurations (eg. enabled/disabled) properties: disabled: type: boolean nullable: true description: Flag to determine if Reassignment Configuration is enabled or disabled for a tenant. When this flag is set to true, Reassignment Configuration is disabled. default: false example: true TenantConfigurationResponse: type: object description: Tenant-wide Reassignment Configuration settings properties: auditDetails: $ref: '#/components/schemas/AuditDetails' configDetails: $ref: '#/components/schemas/TenantConfigurationDetails' TenantConfigurationRequest: type: object description: Tenant-wide Reassignment Configuration settings properties: configDetails: $ref: '#/components/schemas/TenantConfigurationDetails' AccessItemRef: type: object title: Access Item Ref properties: id: type: string description: ID of the access item to retrieve the recommendation for. example: 2c938083633d259901633d2623ec0375 type: type: string example: ENTITLEMENT description: Access item's type. enum: - ENTITLEMENT - ACCESS_PROFILE - ROLE RecommendationRequest: type: object title: Recommendation Request properties: identityId: type: string description: The identity ID example: 2c938083633d259901633d25c68c00fa item: $ref: '#/components/schemas/AccessItemRef' RecommendationRequestDto: type: object title: Recommendation Request Dto properties: requests: type: array items: $ref: '#/components/schemas/RecommendationRequest' description: List of requests to retrieve recommendations excludeInterpretations: type: boolean description: Exclude interpretations in the response if "true". Return interpretations in the response if this attribute is not specified. default: 'false' example: 'false' includeTranslationMessages: type: boolean description: When set to true, the calling system uses the translated messages for the specified language default: 'false' example: 'false' includeDebugInformation: type: boolean description: Returns the recommender calculations if set to true default: 'false' example: 'true' prescribeMode: type: boolean description: When set to true, uses prescribedRulesRecommenderConfig to get identity attributes and peer group threshold instead of standard config. default: 'false' example: 'false' FeatureValueDto: type: object title: Feature Value Dto properties: feature: type: string description: The type of feature example: department numerator: type: integer format: int32 example: 14 description: The number of identities that have access to the feature denominator: type: integer format: int32 example: 14 description: The number of identities with the corresponding feature RecommenderCalculations: properties: identityId: type: string description: The ID of the identity example: 2c91808457d8f3ab0157e3e62cb4213c entitlementId: type: string description: The entitlement ID example: 2c91809050db617d0150e0bf3215385e recommendation: type: string description: The actual recommendation example: 'YES' overallWeightedScore: type: number description: The overall weighted score featureWeightedScores: type: object description: The weighted score of each individual feature additionalProperties: type: number threshold: type: number description: The configured value against which the overallWeightedScore is compared identityAttributes: type: object description: The values for your configured features additionalProperties: type: object properties: value: type: string featureValues: $ref: '#/components/schemas/FeatureValueDto' description: The feature details RecommendationResponse: type: object title: Recommendation Response properties: request: $ref: '#/components/schemas/RecommendationRequest' recommendation: type: string example: 'YES' description: The recommendation - YES if the access is recommended, NO if not recommended, MAYBE if there is not enough information to make a recommendation, NOT_FOUND if the identity is not found in the system enum: - 'YES' - 'NO' - MAYBE - NOT_FOUND interpretations: type: array items: type: string description: The list of interpretations explaining the recommendation. The array is empty if includeInterpretations is false or not present in the request. e.g. - [ "Not approved in the last 6 months." ]. Interpretations will be translated using the client's locale as found in the Accept-Language header. If a translation for the client's locale cannot be found, the US English translation will be returned. example: - 75% of identities with the same department have this access. This information had a high impact on the overall score. - 67% of identities with the same peer group have this access. This information had a low impact on the overall score. - 42% of identities with the same location have this access. This information had a low impact on the overall score. translationMessages: type: array example: - key: recommender-api.V2_WEIGHT_FEATURE_PRODUCT_INTERPRETATION_HIGH values: - '75' - department items: $ref: '#/components/schemas/TranslationMessage' description: The list of translation messages, if they have been requested. recommenderCalculations: $ref: '#/components/schemas/RecommenderCalculations' description: The calcuations performed behind the scenes that provide recommendations to the user. RecommendationResponseDto: type: object title: Recommendation Response Dto properties: response: type: array items: $ref: '#/components/schemas/RecommendationResponse' RecommendationConfigDto: type: object title: Recommendation Config Dto properties: recommenderFeatures: type: array items: type: string description: List of identity attributes to use for calculating certification recommendations example: - jobTitle - location - peer_group - department - active peerGroupPercentageThreshold: type: number description: The percent value that the recommendation calculation must surpass to produce a YES recommendation minimum: 0 maximum: 1 format: float example: 0.5 runAutoSelectOnce: type: boolean description: If true, rulesRecommenderConfig will be refreshed with new programatically selected attribute and threshold values on the next pipeline run default: false example: false onlyTuneThreshold: type: boolean description: If true, rulesRecommenderConfig will be refreshed with new programatically selected threshold values on the next pipeline run default: false example: false RoleInsightsResponse: type: object title: Role Insights Response properties: id: type: string description: Request Id for a role insight generation request example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb createdDate: type: string format: date-time description: The date-time role insights request was created. example: '2020-09-16T18:49:32.150Z' lastGenerated: type: string format: date-time description: The date-time role insights request was completed. example: '2020-09-16T18:50:12.150Z' numberOfUpdates: type: integer description: Total number of updates for this request. Starts with 0 and will have correct number when request is COMPLETED. example: 0 roleIds: description: The role IDs that are in this request. type: array items: type: string status: type: string description: Request status enum: - CREATED - IN PROGRESS - COMPLETED - FAILED example: id: c9aa02f7-86b0-4bc4-84bd-3116a6131e77 createdDate: '2020-09-16T18:49:32.150Z' lastGenerated: '2020-09-16T18:49:32.150Z' numberOfUpdates: 0 roleIds: - 2c91808e720e94f8017253287c0a44f4 - 2c918087723ac2800172532191540e03 - 2c9180986e4c8592016e6b15eaef447c status: CREATED RoleInsightsSummary: type: object title: Role Insights Summary properties: numberOfUpdates: type: integer description: Total number of roles with updates lastGenerated: type: string format: date-time description: The date-time role insights were last found. example: '2020-05-19T13:49:37.385Z' entitlementsIncludedInRoles: type: integer description: The number of entitlements included in roles (vs free radicals). example: 45 totalNumberOfEntitlements: type: integer description: The total number of entitlements. example: 250 identitiesWithAccessViaRoles: type: integer description: The number of identities in roles vs. identities with just entitlements and not in roles. example: 550 totalNumberOfIdentities: type: integer description: The total number of identities. example: 980 RoleInsightsRole: type: object title: Role Insights Role properties: name: type: string description: Role name example: Software Engineer id: type: string description: Role id example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 description: type: string description: Role description example: Person who develops software ownerName: type: string description: Role owner name example: Bob ownerId: type: string description: Role owner id example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 RoleInsightsInsight: type: object title: Role Insights Insight properties: type: type: string description: The number of identities in this role with the entitlement. example: ADD identitiesWithAccess: type: integer description: The number of identities in this role with the entitlement. example: 850 identitiesImpacted: type: integer description: The number of identities in this role that do not have the specified entitlement. example: 150 totalNumberOfIdentities: type: integer description: The total number of identities. example: 1000 impactedIdentityNames: type: string nullable: true RoleInsight: type: object title: Role Insight properties: id: type: string description: Insight id example: 1467e61e-f284-439c-ba2d-c6cc11cf0941 numberOfUpdates: type: integer description: Total number of updates for this role example: 5 createdDate: type: string format: date-time description: The date-time insights were last created for this role. modifiedDate: type: string format: date-time nullable: true description: The date-time insights were last modified for this role. example: '2020-05-19T13:49:37.385Z' role: $ref: '#/components/schemas/RoleInsightsRole' description: A role insight: $ref: '#/components/schemas/RoleInsightsInsight' description: The kind of insight this is and some stats RoleInsightsEntitlementChanges: type: object title: Role Insights Entitlement Changes properties: name: type: string description: Name of the entitlement example: Administrator id: type: string description: Id of the entitlement example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb description: type: string nullable: true description: Description for the entitlement example: Full administrative access to IdentityNow attribute: type: string description: Attribute for the entitlement example: assignedGroups value: type: string description: Attribute value for the entitlement example: ORG_ADMIN source: type: string description: Source or the application for the entitlement example: IdentityNow insight: $ref: '#/components/schemas/RoleInsightsInsight' description: The kind of insight this is and some stats RoleInsightsEntitlement: type: object title: Role Insights Entitlement properties: name: type: string description: Name of the entitlement example: Administrator id: type: string description: Id of the entitlement example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb description: type: string description: Description for the entitlement nullable: true example: Full administrative access to IdentityNow source: type: string description: Source or the application for the entitlement example: IdentityNow attribute: type: string description: Attribute for the entitlement example: assignedGroups value: type: string description: Attribute value for the entitlement example: ORG_ADMIN RoleInsightsIdentities: type: object title: Role Insights Identities properties: id: type: string description: Id for identity name: type: string description: Name for identity attributes: type: object additionalProperties: type: string example: id: 8c190e67-87aa-4ed9-a90b-d9d5344523fb name: Adam Smith attributes: department: Human Resources-tah-mgb-dnd firstName: Adam jobTitle: Sales Analyst location: Mexico RoleMiningSessionScope: type: object title: Role Mining Session Scope properties: identityIds: type: array items: type: string description: The list of identities for this role mining session. example: - 2c918090761a5aac0176215c46a62d58 - 2c918090761a5aac01722015c46a62d42 criteria: type: string description: The "search" criteria that produces the list of identities for this role mining session. nullable: true example: source.name:DataScienceDataset attributeFilterCriteria: type: array items: type: object description: The filter criteria for this role mining session. nullable: true example: displayName: untranslated: 'Location: Miami' ariaLabel: untranslated: 'Location: Miami' data: displayName: translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION name: location operator: EQUALS values: - Miami RoleMiningRoleType: type: string description: Role type enum: - SPECIALIZED - COMMON example: SPECIALIZED RoleMiningSessionDto: type: object title: Role Mining Session Dto properties: scope: $ref: '#/components/schemas/RoleMiningSessionScope' description: The scope of identities for this role mining session example: identityIds: [] criteria: source.name:DataScienceDataset attributeFilterCriteria: - displayName: untranslated: 'Location: Miami' ariaLabel: untranslated: 'Location: Miami' data: displayName: translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION name: location operator: EQUALS values: - Miami pruneThreshold: type: integer description: The prune threshold to be used or null to calculate prescribedPruneThreshold nullable: true example: 50 format: int32 prescribedPruneThreshold: type: integer description: The calculated prescribedPruneThreshold nullable: true example: 10 format: int32 minNumIdentitiesInPotentialRole: type: integer description: Minimum number of identities in a potential role nullable: true example: 20 format: int32 potentialRoleCount: type: integer description: Number of potential roles example: 0 format: int32 potentialRolesReadyCount: type: integer description: Number of potential roles ready example: 0 format: int32 type: $ref: '#/components/schemas/RoleMiningRoleType' description: Role mining session type example: SPECIALIZED emailRecipientId: type: string description: The id of the user who will receive an email about the role mining session nullable: true example: 2c918090761a5aac0176215c46a62d58 identityCount: type: integer description: Number of identities in the population which meet the search criteria or identity list provided example: 0 format: int32 saved: type: boolean description: The session's saved status default: false example: true name: type: string description: The session's saved name nullable: true example: Saved RM Session - 07/10 RoleMiningSessionState: type: string description: Role mining session status enum: - CREATED - UPDATED - IDENTITIES_OBTAINED - PRUNE_THRESHOLD_OBTAINED - POTENTIAL_ROLES_PROCESSING - POTENTIAL_ROLES_CREATED example: CREATED RoleMiningSessionStatus: type: object title: Role Mining Session Status properties: state: $ref: '#/components/schemas/RoleMiningSessionState' description: Role mining session state EntityCreatedByDTO: type: object properties: id: type: string description: ID of the creator example: 2c918090761a5aac0176215c46a62d58 displayName: type: string description: The display name of the creator example: Ashley.Pierce NullableEntityCreatedByDTO: type: string nullable: true description: Workaround to support null example: Dummy RoleMiningSessionResponse: type: object title: Role Mining Session Response properties: scope: $ref: '#/components/schemas/RoleMiningSessionScope' description: The scope of identities for this role mining session minNumIdentitiesInPotentialRole: type: integer nullable: true description: Minimum number of identities in a potential role example: 20 scopingMethod: type: string description: The scoping method of the role mining session nullable: true example: AUTO_RM prescribedPruneThreshold: type: integer nullable: true description: The computed (or prescribed) prune threshold for this session example: 83 pruneThreshold: type: integer nullable: true description: The prune threshold to be used for this role mining session example: 70 potentialRoleCount: type: integer description: The number of potential roles example: 8 potentialRolesReadyCount: type: integer description: The number of potential roles which have completed processing example: 4 status: $ref: '#/components/schemas/RoleMiningSessionStatus' description: The role mining session status emailRecipientId: type: string description: The id of the user who will receive an email about the role mining session nullable: true createdBy: oneOf: - $ref: '#/components/schemas/EntityCreatedByDTO' - $ref: '#/components/schemas/NullableEntityCreatedByDTO' description: The session created by details identityCount: type: integer description: The number of identities example: 39 saved: type: boolean description: The session's saved status default: false example: true name: type: string description: The session's saved name nullable: true example: Saved RM Session - 07/10 dataFilePath: type: string description: The data file path of the role mining session nullable: true id: type: string description: Session Id for this role mining session example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb createdDate: type: string format: date-time description: The date-time when this role mining session was created. modifiedDate: type: string format: date-time description: The date-time when this role mining session was completed. type: $ref: '#/components/schemas/RoleMiningRoleType' description: Role mining session type example: scope: identityIds: [] criteria: source.name:DataScienceDataset attributeFilterCriteria: null scopingMethod: AUTO_RM minNumIdentitiesInPotentialRole: 20 pruneThreshold: 70 prescribedPruneThreshold: 83 potentialRoleCount: 8 potentialRolesReadyCount: 4 status: state: POTENTIAL_ROLES_PROCESSING type: SPECIALIZED emailRecipientId: null createdBy: null identityCount: 0 saved: false name: null dataFilePath: null id: 602ba738-cf48-499b-a780-7b67b3fc1ecf createdDate: '2021-09-08T16:11:05.348Z' modifiedDate: '2021-09-08T16:11:05.348Z' RoleMiningPotentialRoleRef: type: object title: Role Mining Potential Role Ref properties: id: type: string description: Id of the potential role example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 name: type: string description: Name of the potential role example: Potential Role - e0cc5d RoleMiningPotentialRoleProvisionState: type: string description: Provision state enum: - POTENTIAL - PENDING - COMPLETE - FAILED - null example: POTENTIAL RoleMiningSessionScopingMethod: type: string description: The scoping method used in the current role mining session. enum: - MANUAL - AUTO_RM example: MANUAL RoleMiningSessionParametersDto: type: object title: Role Mining Session Parameters Dto properties: id: type: string description: The ID of the role mining session example: 9f36f5e5-1e81-4eca-b087-548959d91c71 name: type: string description: The session's saved name nullable: true example: Saved RM Session - 07/10 minNumIdentitiesInPotentialRole: type: integer description: Minimum number of identities in a potential role nullable: true example: 20 format: int32 pruneThreshold: type: integer description: The prune threshold to be used or null to calculate prescribedPruneThreshold nullable: true example: 5 format: int32 saved: type: boolean default: true description: The session's saved status example: true scope: $ref: '#/components/schemas/RoleMiningSessionScope' description: The scope of identities for this role mining session example: identityIds: [] criteria: source.name:DataScienceDataset attributeFilterCriteria: displayName: untranslated: 'Location: Miami' ariaLabel: untranslated: 'Location: Miami' data: displayName: translateKey: IDN.IDENTITY_ATTRIBUTES.LOCATION name: location operator: EQUALS values: - Miami type: $ref: '#/components/schemas/RoleMiningRoleType' description: Role mining potential type state: $ref: '#/components/schemas/RoleMiningSessionState' description: Role mining session state scopingMethod: $ref: '#/components/schemas/RoleMiningSessionScopingMethod' description: Scoping method used in current role mining session RoleMiningPotentialRoleSummary: type: object title: Role Mining Potential Role Summary properties: id: type: string description: Id of the potential role example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 name: type: string description: Name of the potential role example: Potential Role - e0cc5d potentialRoleRef: $ref: '#/components/schemas/RoleMiningPotentialRoleRef' description: Details about the potential role identityCount: type: integer description: The number of identities in a potential role. format: int32 example: 25 entitlementCount: type: integer description: The number of entitlements in a potential role. format: int32 example: 15 identityGroupStatus: type: string description: The status for this identity group which can be "REQUESTED" or "OBTAINED" example: OBTAINED provisionState: $ref: '#/components/schemas/RoleMiningPotentialRoleProvisionState' description: The status of provisioning for this potential role. Can be "POTENTIAL", "PENDING", "FAILED", or "COMPLETE". example: PENDING roleId: type: string description: ID of the provisioned role in IIQ or IDN. Null if this potential role has not been provisioned. nullable: true example: 2a4be6fbcf3c4e66b95a0c15ffd591 density: type: integer description: The density metric (0-100) of this potential role. Higher density values indicate higher similarity amongst the identities. format: int32 example: 90 freshness: type: integer description: The freshness metric (0-100) of this potential role. Higher freshness values indicate this potential role is more distinctive compared to existing roles. format: int32 example: 70 quality: type: integer description: The quality metric (0-100) of this potential role. Higher quality values indicate this potential role has high density and freshness. format: int32 example: 80 type: $ref: '#/components/schemas/RoleMiningRoleType' description: Role mining potential type. createdBy: oneOf: - $ref: '#/components/schemas/EntityCreatedByDTO' - $ref: '#/components/schemas/NullableEntityCreatedByDTO' description: The potential role created by details createdDate: type: string format: date-time description: The date-time when this potential role was created. saved: type: boolean description: The potential role's saved status default: false example: true description: type: string nullable: true description: Description of the potential role session: $ref: '#/components/schemas/RoleMiningSessionParametersDto' description: The session parameters of the potential role. RoleMiningIdentityDistribution: type: object title: Role Mining Identity Distribution properties: attributeName: type: string description: Id of the potential role example: department distribution: type: array items: type: object additionalProperties: true example: - attributeValue: NM Tier 3 count: 6 RoleMiningPotentialRole: type: object title: Role Mining Potential Role properties: createdBy: oneOf: - $ref: '#/components/schemas/EntityCreatedByDTO' - $ref: '#/components/schemas/NullableEntityCreatedByDTO' description: The session created by details density: type: integer description: The density of a potential role. example: 75 format: int32 description: type: string nullable: true description: The description of a potential role. example: Potential Role for Accounting dept entitlementCount: type: integer description: The number of entitlements in a potential role. example: 25 format: int32 excludedEntitlements: description: The list of entitlement ids to be excluded. nullable: true type: array items: type: string example: - 07a0b4e2 - 13b4e2a0 freshness: type: integer description: The freshness of a potential role. example: 75 format: int32 identityCount: type: integer description: The number of identities in a potential role. example: 25 format: int32 identityDistribution: description: Identity attribute distribution. nullable: true type: array items: $ref: '#/components/schemas/RoleMiningIdentityDistribution' identityIds: description: The list of ids in a potential role. type: array items: type: string example: - 07a0b4e2 - 13b4e2a0 name: type: string description: Name of the potential role. example: Saved Potential Role - 07/10 provisionState: allOf: - $ref: '#/components/schemas/RoleMiningPotentialRoleProvisionState' - description: The provisioning state of a potential role. nullable: true quality: type: integer description: The quality of a potential role. example: 100 format: int32 roleId: type: string nullable: true description: The roleId of a potential role. example: 07a0b4e2-7a76-44fa-bd0b-c64654b66519 saved: type: boolean description: The potential role's saved status. example: true session: $ref: '#/components/schemas/RoleMiningSessionParametersDto' description: The session parameters of the potential role. type: $ref: '#/components/schemas/RoleMiningRoleType' description: Role mining potential type. id: type: string description: Id of the potential role example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 createdDate: type: string format: date-time description: The date-time when this potential role was created. modifiedDate: type: string format: date-time description: The date-time when this potential role was modified. RoleMiningPotentialRoleApplication: type: object title: Role Mining Potential Role Application properties: id: type: string description: Id of the application example: id: 2c9180877212632a017228d5a796292b name: type: string description: Name of the application example: name: Slack RoleMiningPotentialRoleEntitlements: type: object title: Role Mining Potential Role Entitlements properties: id: type: string description: Id of the entitlement example: id: 2c9180877212632a017228d5a796292c name: type: string description: Name of the entitlement example: name: LauncherTest2 RoleMiningEntitlementRef: type: object title: Role Mining Entitlement Ref properties: id: type: string description: Id of the entitlement example: 2c91808a7e95e6e0017e96e2086206c8 name: type: string description: Name of the entitlement example: App.entitlement.1 description: type: string description: Description forthe entitlement nullable: true example: Entitlement 1 attribute: type: string description: The entitlement attribute example: groups RoleMiningEntitlement: type: object title: Role Mining Entitlement properties: entitlementRef: $ref: '#/components/schemas/RoleMiningEntitlementRef' description: Details about the entitlement example: id: 2c91808a7e95e6e0017e96e2086206c8 name: App.entitlement.1 description: Entitlement 1 attribute: groups name: type: string description: Name of the entitlement example: Add/modify/delete users applicationName: type: string description: Application name of the entitlement example: AppName identityCount: type: integer description: The number of identities with this entitlement in a role. format: int32 example: 45 popularity: type: number description: The % popularity of this entitlement in a role. format: float example: 65.2 popularityInOrg: type: number description: The % popularity of this entitlement in the org. format: float example: 35.8 sourceId: type: string description: The ID of the source/application. example: 2c9180877620c1460176267f336a106f activitySourceState: type: string description: The status of activity data for the source. Value is complete or notComplete. nullable: true example: complete sourceUsagePercent: type: number description: The percentage of identities in the potential role that have usage of the source/application of this entitlement. format: float nullable: true example: 65.6 RoleMiningPotentialRoleEditEntitlements: type: object title: Role Mining Potential Role Edit Entitlements properties: ids: description: The list of entitlement ids to be edited type: array items: type: string exclude: type: boolean description: If true, add ids to be exclusion list. If false, remove ids from the exclusion list. example: ids: - entId1 - entId2 exclude: true RoleMiningIdentity: type: object title: Role Mining Identity properties: id: type: string description: Id of the identity example: 2c9180877212632a017228d5934525e6 name: type: string description: Name of the identity example: Allene Abernathy-Welch attributes: type: object additionalProperties: type: string nullable: true example: jobTitle: SQL Developer department: IT location: NYC firstName: Allene RoleMiningPotentialRoleExportRequest: type: object title: Role Mining Potential Role Export Request properties: minEntitlementPopularity: type: integer description: The minimum popularity among identities in the role which an entitlement must have to be included in the report example: 0 includeCommonAccess: type: boolean description: If false, do not include entitlements that are highly popular among the entire orginization example: true example: minEntitlementPopularity: 0 includeCommonAccess: true RoleMiningPotentialRoleExportState: type: string enum: - QUEUED - IN_PROGRESS - SUCCESS - ERROR RoleMiningPotentialRoleExportResponse: allOf: - $ref: '#/components/schemas/RoleMiningPotentialRoleExportRequest' - type: object properties: exportId: type: string format: uuid description: ID used to reference this export example: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04 status: $ref: '#/components/schemas/RoleMiningPotentialRoleExportState' description: The status of this export example: QUEUED example: exportId: 0c6cdb76-1227-4aaf-af21-192dbdfbfa04 status: QUEUED minEntitlementPopularity: 0 includeCommonAccess: true RoleMiningPotentialRoleProvisionRequest: type: object title: Role Mining Potential Role Provision Request properties: roleName: type: string description: Name of the new role being created example: Finance - Accounting roleDescription: type: string description: Short description of the new role being created example: General access for accounting department ownerId: type: string description: ID of the identity that will own this role example: 2b568c65bc3c4c57a43bd97e3a8e41 includeIdentities: type: boolean description: When true, create access requests for the identities associated with the potential role default: false example: true directlyAssignedEntitlements: type: boolean description: When true, assign entitlements directly to the role; otherwise, create access profiles containing the entitlements default: false example: false RoleMiningSessionDraftRoleDto: type: object title: Role Mining Session Draft Role Dto properties: name: type: string description: Name of the draft role example: Saved RM Session - 07/10 description: type: string description: Draft role description example: Person who develops software identityIds: type: array items: type: string description: The list of identities for this role mining session. example: - 2c918090761a5aac0176215c46a62d58 - 2c918090761a5aac01722015c46a62d42 entitlementIds: type: array items: type: string description: The list of entitlement ids for this role mining session. example: - 2c91808a7624751a01762f19d665220d - 2c91808a7624751a01762f19d67c220e excludedEntitlements: type: array description: The list of excluded entitlement ids. items: type: string example: - 07a0b4e2 - 13b4e2a0 modified: type: string format: date-time description: Last modified date example: '2020-09-16T18:49:32.150Z' type: $ref: '#/components/schemas/RoleMiningRoleType' description: Role mining session type example: SPECIALIZED id: type: string description: Id of the potential draft role example: e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 createdDate: type: string format: date-time description: The date-time when this potential draft role was created. modifiedDate: type: string format: date-time description: The date-time when this potential draft role was modified. RoleMiningPotentialRoleSourceUsage: type: object title: Role Mining Potential Role Source Usage properties: id: type: string description: The identity ID example: 2c918089762475180176267f894b54dc displayName: type: string description: Display name for the identity example: Kirk Koepp email: type: string description: Email address for the identity example: kirk.koepp@testmail.identitynow.com usageCount: type: integer description: The number of days there has been usage of the source by the identity. format: int32 example: 25 SendTestNotificationRequestDto: type: object title: Send Test Notification Request Dto properties: key: type: string description: The template notification key. example: cloud_manual_work_item_summary medium: type: string description: The notification medium. Has to be one of the following enum values. enum: - EMAIL - SLACK - TEAMS context: type: object description: A Json object that denotes the context specific to the template. SimIntegrationDetails: type: object title: Sim Integration Details allOf: - $ref: '#/components/schemas/BaseCommonDto' - type: object properties: description: type: string description: The description of the integration example: Integration description nullable: false type: type: string description: The integration type example: ServiceNow Service Desk nullable: false attributes: type: object description: The attributes map containing the credentials used to configure the integration. nullable: true example: '{"uid":"Walter White","firstname":"walter","cloudStatus":"UNREGISTERED","displayName":"Walter White","identificationNumber":"942","lastSyncDate":1470348809380,"email":"walter@gmail.com","lastname":"white"}' sources: type: array description: The list of sources (managed resources) items: type: string example: - 2c9180835d191a86015d28455b4a2329 - 2c5680835d191a85765d28455b4a9823 nullable: false cluster: type: string description: The cluster/proxy example: xyzzy999 nullable: false statusMap: type: object description: Custom mapping between the integration result and the provisioning result example: closed_cancelled: Failed closed_complete: Committed closed_incomplete: Failed closed_rejected: Failed in_process: Queued requested: Queued request: type: object description: Request data to customize desc and body of the created ticket example: description: SailPoint Access Request, req_description: The Service Request created by SailPoint ServiceNow Service Integration Module (SIM)., req_short_description: SailPoint New Access Request Created from IdentityNow, short_description: SailPoint Access Request $!plan.arguments.identityRequestId beforeProvisioningRule: description: Before provisioning rule of integration properties: type: $ref: '#/components/schemas/DtoType' id: type: string description: ID of the rule example: 2c918085708c274401708c2a8a760001 name: type: string description: Human-readable display name of the rule example: Example Rule ObjectExportImportOptions: type: object title: Object Export Import Options properties: includedIds: description: Object ids to be included in an import or export. type: array items: type: string example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 includedNames: description: Object names to be included in an import or export. type: array items: type: string example: Test Object ExportOptions: type: object title: Export Options properties: excludeTypes: description: Object type names to be excluded from an sp-config export command. type: array items: type: string enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - CONNECTOR_RULE - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW example: SOURCE includeTypes: description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes. type: array items: type: string enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - CONNECTOR_RULE - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW example: TRIGGER_SUBSCRIPTION objectOptions: description: Additional options targeting specific objects related to each item in the includeTypes field type: object additionalProperties: $ref: '#/components/schemas/ObjectExportImportOptions' example: TRIGGER_SUBSCRIPTION: includedIds: - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 includedNames: - Test 2 ExportPayload: type: object title: Export Payload allOf: - $ref: '#/components/schemas/ExportOptions' properties: description: type: string description: Optional user defined description/name for export job. example: Export Job 1 Test SpConfigJob: type: object title: Sp Config Job properties: jobId: type: string description: Unique id assigned to this job. example: 3469b87d-48ca-439a-868f-2160001da8c1 status: type: string description: Status of the job. enum: - NOT_STARTED - IN_PROGRESS - COMPLETE - CANCELLED - FAILED example: COMPLETE type: type: string description: Type of the job, either export or import. enum: - EXPORT - IMPORT example: IMPORT expiration: type: string format: date-time description: The time until which the artifacts will be available for download. example: '2021-05-11T22:23:16Z' created: type: string format: date-time description: The time the job was started. example: '2021-05-11T22:23:16Z' modified: type: string format: date-time description: The time of the last update to the job. example: '2021-05-11T22:23:16Z' required: - jobId - status - type - expiration - created - modified SpConfigExportJob: allOf: - $ref: '#/components/schemas/SpConfigJob' - type: object nullable: true properties: description: type: string description: Optional user defined description/name for export job. example: ETS configuration objects from Acme-Solar sandbox SpConfigExportJobStatus: allOf: - $ref: '#/components/schemas/SpConfigExportJob' - type: object nullable: true properties: completed: type: string format: date-time description: The time the job was completed. example: '2021-05-11T22:23:16Z' SelfImportExportDto: type: object title: Self Import Export Dto description: Self block for imported/exported object. properties: type: type: string description: Imported/exported object's DTO type. Import is currently only possible with the CONNECTOR_RULE, IDENTITY_OBJECT_CONFIG, IDENTITY_PROFILE, RULE, SOURCE, TRANSFORM, and TRIGGER_SUBSCRIPTION object types. enum: - ACCESS_PROFILE - ACCESS_REQUEST_CONFIG - ATTR_SYNC_SOURCE_CONFIG - AUTH_ORG - CAMPAIGN_FILTER - CONNECTOR_RULE - FORM_DEFINITION - GOVERNANCE_GROUP - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - LIFECYCLE_STATE - NOTIFICATION_TEMPLATE - PASSWORD_POLICY - PASSWORD_SYNC_GROUP - PUBLIC_IDENTITIES_CONFIG - ROLE - RULE - SEGMENT - SERVICE_DESK_INTEGRATION - SOD_POLICY - SOURCE - TAG - TRANSFORM - TRIGGER_SUBSCRIPTION - WORKFLOW example: SOURCE id: type: string description: Imported/exported object's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Imported/exported object's display name. example: HR Active Directory ConfigObject: type: object title: Config Object for Export and Import description: Config export and import format for individual object configurations. properties: version: type: integer description: Current version of configuration object. example: 1 self: $ref: '#/components/schemas/SelfImportExportDto' object: description: Object details. Format dependant on the object type. additionalProperties: true SpConfigExportResults: type: object title: Config Export Response Body description: Response model for config export download response. properties: version: type: integer description: Current version of the export results object. example: 1 timestamp: type: string format: date-time description: Time the export was completed. example: '2021-05-11T22:23:16Z' tenant: type: string description: Name of the tenant where this export originated. example: sample-tenant description: type: string description: Optional user defined description/name for export job. example: Export Job 1 Test options: $ref: '#/components/schemas/ExportOptions' description: Options used to create this export. objects: type: array items: $ref: '#/components/schemas/ConfigObject' ImportOptions: type: object title: Import Options properties: excludeTypes: description: Object type names to be excluded from an sp-config export command. type: array items: type: string enum: - CONNECTOR_RULE - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - RULE - SOURCE - TRANSFORM - TRIGGER_SUBSCRIPTION example: SOURCE includeTypes: description: Object type names to be included in an sp-config export command. IncludeTypes takes precedence over excludeTypes. type: array items: type: string enum: - CONNECTOR_RULE - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - RULE - SOURCE - TRANSFORM - TRIGGER_SUBSCRIPTION example: TRIGGER_SUBSCRIPTION objectOptions: description: Additional options targeting specific objects related to each item in the includeTypes field type: object additionalProperties: $ref: '#/components/schemas/ObjectExportImportOptions' example: TRIGGER_SUBSCRIPTION: includedIds: - be9e116d-08e1-49fc-ab7f-fa585e96c9e4 includedNames: - Test 2 defaultReferences: description: List of object types that can be used to resolve references on import. type: array items: type: string enum: - CONNECTOR_RULE - IDENTITY_OBJECT_CONFIG - IDENTITY_PROFILE - RULE - SOURCE - TRANSFORM - TRIGGER_SUBSCRIPTION example: TRIGGER_SUBSCRIPTION excludeBackup: description: By default, every import will first export all existing objects supported by sp-config as a backup before the import is attempted. If excludeBackup is true, the backup will not be performed. type: boolean default: false example: 'false' SpConfigImportJobStatus: allOf: - $ref: '#/components/schemas/SpConfigJob' - type: object nullable: true properties: message: type: string description: This message contains additional information about the overall status of the job. example: Download import results for details. - type: object nullable: true properties: completed: type: string format: date-time description: The time the job was completed. example: '2021-05-11T22:23:16Z' SpConfigMessage-2: type: object title: Config Import/Export Message description: Message model for Config Import/Export. properties: key: type: string description: Message key. example: UNKNOWN_REFERENCE_RESOLVER text: type: string description: Message text. example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' details: type: object description: Message details if any, in key:value pairs. additionalProperties: type: object example: details: message details required: - key - text - details ObjectImportResult-2: type: object title: Import Object Response Body description: Response model for import of a single object. properties: infos: description: Informational messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage-2' warnings: description: Warning messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage-2' errors: description: Error messages returned from the target service on import. type: array items: $ref: '#/components/schemas/SpConfigMessage-2' importedObjects: description: References to objects that were created or updated by the import. type: array items: $ref: '#/components/schemas/ImportObject' required: - infos - warnings - errors - importedObjects SpConfigImportResults: type: object title: Config Import Response Body description: Response Body for Config Import command. properties: results: type: object additionalProperties: $ref: '#/components/schemas/ObjectImportResult-2' description: The results of an object configuration import job. example: results: TRIGGER_SUBSCRIPTION: infos: - key: IMPORT_PREVIEW text: 'Object to be imported: [c953134c-2224-42f2-a84e-fa5cbb395904, Test 2]' detail: null - key: IMPORT_PREVIEW text: 'Object to be imported: [be9e116d-08e1-49fc-ab7f-fa585e96c9e4, Test 1]' detail: null warnings: [] errors: [] importedObjects: [] exportJobId: type: string description: If a backup was performed before the import, this will contain the jobId of the backup job. This id can be used to retrieve the json file of the backup export. example: be9e116d-08e1-49fc-ab7f-fa585e96c9e4 required: - results SpConfigRule: type: object title: Config Object Rule description: Format of Config Hub object rules. properties: path: type: string description: JSONPath expression denoting the path within the object where a value substitution should be applied. example: $.enabled value: anyOf: - type: object - type: array - type: string - type: number - type: boolean nullable: true description: Value to be assigned at the jsonPath location within the object. modes: type: array description: Draft modes the rule will apply to. items: type: string enum: - RESTORE - PROMOTE - UPLOAD example: - RESTORE - PROMOTE SpConfigRules: type: object title: Config Object Rules description: Rules to be applied to the config object during the draft process. properties: takeFromTargetRules: type: array items: $ref: '#/components/schemas/SpConfigRule' defaultRules: type: array items: $ref: '#/components/schemas/SpConfigRule' editable: type: boolean default: false description: Indicates whether the object can be edited. example: true SpConfigObject: title: Object Configuration Model description: Response model for object configuration. type: object properties: objectType: type: string description: Object type the configuration is for. example: TRIGGER_SUBSCRIPTION referenceExtractors: type: array nullable: true description: List of JSON paths within an exported object of this type, representing references that must be resolved. items: type: string example: - $.owner signatureRequired: type: boolean default: false description: Indicates whether this type of object will be JWS signed and cannot be modified before import. example: false alwaysResolveById: type: boolean default: false description: Indicates whether this object type must be always be resolved by ID. example: true legacyObject: type: boolean default: false description: Indicates whether this is a legacy object. example: false onePerTenant: type: boolean default: false description: Indicates whether there is only one object of this type. example: false exportable: type: boolean default: false description: Indicates whether the object can be exported or is just a reference object. example: true rules: $ref: '#/components/schemas/SpConfigRules' AttrSyncSource: type: object title: Attr Sync Source description: Target source for attribute synchronization. properties: type: type: string description: DTO type of target source for attribute synchronization. enum: - SOURCE example: SOURCE id: type: string description: ID of target source for attribute synchronization. example: 2c9180835d191a86015d28455b4b232a name: type: string nullable: true description: Human-readable name of target source for attribute synchronization. example: HR Active Directory AttrSyncSourceAttributeConfig: type: object title: Attr Sync Source Attribute Config description: Specification of source attribute sync mapping configuration for an identity attribute required: - name - displayName - enabled - target properties: name: type: string description: Name of the identity attribute example: email displayName: type: string description: Display name of the identity attribute example: Email enabled: type: boolean description: Determines whether or not the attribute is enabled for synchronization example: true target: type: string description: Name of the source account attribute to which the identity attribute value will be synchronized if enabled example: mail AttrSyncSourceConfig: type: object title: Attr Sync Source Config description: Specification of attribute sync configuration for a source required: - source - attributes properties: source: $ref: '#/components/schemas/AttrSyncSource' attributes: type: array description: Attribute synchronization configuration for specific identity attributes in the context of a source items: $ref: '#/components/schemas/AttrSyncSourceAttributeConfig' example: - name: email displayName: Email enabled: true target: mail - name: firstname displayName: First Name enabled: false target: givenName SourceSyncPayload: type: object title: Source Sync Payload properties: type: type: string description: Payload type. example: SYNCHRONIZE_SOURCE_ATTRIBUTES dataJson: type: string description: Payload type. example: '{"sourceId":"2c918083746f642c01746f990884012a"}' required: - type - dataJson SourceSyncJob: type: object title: Source Sync Job properties: id: type: string description: Job ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde status: type: string description: The job status. enum: - QUEUED - IN_PROGRESS - SUCCESS - ERROR example: IN_PROGRESS payload: description: Job payload. $ref: '#/components/schemas/SourceSyncPayload' example: type: SYNCHRONIZE_SOURCE_ATTRIBUTES dataJson: '{"sourceId":"2c918083746f642c01746f990884012a"}' required: - id - status - payload SourceEntitlementRequestConfig: type: object title: Source Entitlement Request Config description: Entitlement Request Configuration properties: accessRequestConfig: $ref: '#/components/schemas/EntitlementAccessRequestConfig' description: Configuration for requesting access to entitlements revocationRequestConfig: $ref: '#/components/schemas/EntitlementRevocationRequestConfig' License: type: object title: License properties: licenseId: type: string description: Name of the license example: idn:access-request legacyFeatureName: type: string description: Legacy name of the license example: ACCESS_REQUEST Product: type: object title: Product properties: productName: type: string description: Name of the Product example: idn url: type: string description: URL of the Product example: https://tenant-name.identitynow.com productTenantId: type: string description: An identifier for a specific product-tenant combination example: tenant#product productRegion: type: string description: Product region example: us-east-1 productRight: type: string description: Right needed for the Product example: idn:ui:view apiUrl: nullable: true type: string description: API URL of the Product example: https://tenant-name.api.identitynow.com licenses: type: array items: $ref: '#/components/schemas/License' attributes: type: object additionalProperties: true description: Additional attributes for a product example: domain: https://tenant-name.identitynow.com maxRegisteredUsers: 250 zone: type: string description: Zone example: Deployment zone for the Product status: type: string description: Status of the product example: active statusDateTime: type: string format: date-time description: Status datetime example: '2020-05-19T13:49:37.385Z' reason: type: string description: If there's a tenant provisioning failure then reason will have the description of error example: Reason notes: type: string description: Product could have additional notes added during tenant provisioning. example: Example notes dateCreated: nullable: true type: string format: date-time description: Date when the product was created example: '2020-05-19T13:49:37.385Z' lastUpdated: nullable: true type: string format: date-time description: Date when the product was last updated example: '2020-05-19T13:49:37.385Z' orgType: nullable: true type: string enum: - development - staging - production - test - partner - training - demonstration - sandbox - null description: Type of org example: test Tenant: type: object title: Tenant properties: id: type: string readOnly: true description: The unique identifier for the Tenant example: 2c91808568c529c60168cca6f90c1324 name: type: string description: Abbreviated name of the Tenant example: acme fullName: type: string description: Human-readable name of the Tenant example: Acme, Inc pod: type: string description: Deployment pod for the Tenant example: example-pod region: type: string description: Deployment region for the Tenant example: us-east-1 description: type: string description: Description of the Tenant example: Description of the Tenant products: type: array items: $ref: '#/components/schemas/Product' TriggerType: type: string description: The type of trigger. example: FIRE_AND_FORGET enum: - REQUEST_RESPONSE - FIRE_AND_FORGET AccessItemRequestedForDto: type: object description: Identity the access item is requested for. properties: type: type: string description: DTO type of identity the access item is requested for. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity the access item is requested for. example: 2c4180a46faadee4016fb4e018c20626 name: type: string description: Human-readable display name of identity the access item is requested for. example: Robert Robinson AccessItemRequesterDto: type: object description: Access item requester's identity. properties: type: type: string description: Access item requester's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Access item requester's identity ID. example: 2c7180a46faadee4016fb4e018c20648 name: type: string description: Access item owner's human-readable display name. example: William Wilson AccessRequestDynamicApprover: title: Access Request Dynamic Approver type: object required: - accessRequestId - requestedFor - requestedItems - requestedBy properties: accessRequestId: type: string description: | The unique ID of the access request object. Can be used with the [access request status endpoint](https://developer.sailpoint.com/idn/api/beta/list-access-request-status) to get the status of the request. example: 4b4d982dddff4267ab12f0f1e72b5a6d requestedFor: type: array description: Identities access was requested for. items: $ref: '#/components/schemas/AccessItemRequestedForDto' minItems: 1 maxItems: 10 requestedItems: description: The access items that are being requested. type: array items: type: object required: - id - name - type - operation properties: id: type: string description: The unique ID of the access item. example: 2c91808b6ef1d43e016efba0ce470904 name: type: string description: Human friendly name of the access item. example: Engineering Access description: nullable: true type: string description: Extended description of the access item. example: Engineering Access type: enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of access item being requested. example: ACCESS_PROFILE operation: enum: - Add - Remove description: Grant or revoke the access item example: Add comment: nullable: true type: string description: A comment from the requestor on why the access is needed. example: William needs this access for his day to day job activities. minItems: 1 maxItems: 25 requestedBy: allOf: - $ref: '#/components/schemas/AccessItemRequesterDto' AccessItemApproverDto: type: object description: Identity who approved the access item request. properties: type: type: string description: DTO type of identity who approved the access item request. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity who approved the access item request. example: 2c3780a46faadee4016fb4e018c20652 name: type: string description: Human-readable display name of identity who approved the access item request. example: Allen Albertson AccessRequestPostApproval: title: Access Request Post Approval type: object required: - accessRequestId - requestedFor - requestedItemsStatus - requestedBy properties: accessRequestId: type: string description: The unique ID of the access request. example: 2c91808b6ef1d43e016efba0ce470904 requestedFor: required: - id - type - name type: array description: Identities access was requested for. items: $ref: '#/components/schemas/AccessItemRequestedForDto' minItems: 1 maxItems: 10 requestedItemsStatus: description: Details on the outcome of each access item. type: array items: type: object required: - id - name - type - operation - approvalInfo properties: id: type: string description: The unique ID of the access item being requested. example: 2c91808b6ef1d43e016efba0ce470904 name: type: string description: The human friendly name of the access item. example: Engineering Access description: nullable: true type: string description: Detailed description of the access item. example: Access to engineering database type: enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of access item. example: ACCESS_PROFILE operation: enum: - Add - Remove description: The action to perform on the access item. example: Add comment: nullable: true type: string description: A comment from the identity requesting the access. example: William needs this access to do his job. clientMetadata: description: Additional customer defined metadata about the access item. nullable: true type: object additionalProperties: true example: applicationName: My application approvalInfo: description: A list of one or more approvers for the access request. type: array items: type: object required: - approvalDecision - approverName - approver properties: approvalComment: nullable: true type: string description: A comment left by the approver. example: This access looks good. Approved. approvalDecision: enum: - APPROVED - DENIED description: The final decision of the approver. example: APPROVED approverName: type: string description: The name of the approver example: Stephen.Austin approver: required: - id - type - name allOf: - $ref: '#/components/schemas/AccessItemApproverDto' description: The identity of the approver. properties: type: enum: - IDENTITY example: IDENTITY description: The type of object that is referenced requestedBy: required: - id - type - name allOf: - $ref: '#/components/schemas/AccessItemRequesterDto' AccessRequestPreApproval: title: Access Request Pre Approval type: object required: - accessRequestId - requestedFor - requestedItems - requestedBy properties: accessRequestId: type: string description: The unique ID of the access request. example: 2c91808b6ef1d43e016efba0ce470904 requestedFor: required: - id - type - name type: array description: Identities access was requested for. items: $ref: '#/components/schemas/AccessItemRequestedForDto' minItems: 1 maxItems: 10 requestedItems: description: Details of the access items being requested. type: array items: type: object required: - id - name - type - operation properties: id: type: string description: The unique ID of the access item being requested. example: 2c91808b6ef1d43e016efba0ce470904 name: type: string description: The human friendly name of the access item. example: Engineering Access description: nullable: true type: string description: Detailed description of the access item. example: Access to engineering database type: enum: - ACCESS_PROFILE - ROLE - ENTITLEMENT description: The type of access item. example: ACCESS_PROFILE operation: enum: - Add - Remove description: The action to perform on the access item. example: Add comment: nullable: true type: string description: A comment from the identity requesting the access. example: William needs this access to do his job. minItems: 1 maxItems: 25 requestedBy: required: - id - type - name allOf: - $ref: '#/components/schemas/AccessItemRequesterDto' AccountAggregationCompleted: title: Account Aggregation Completed type: object required: - source - status - started - completed - errors - warnings - stats properties: source: required: - type - name - id type: object description: The source the accounts are being aggregated from. properties: type: type: string description: The DTO type of the source the accounts are being aggregated from. enum: - SOURCE example: SOURCE id: type: string description: The ID of the source the accounts are being aggregated from. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Display name of the source the accounts are being aggregated from. example: HR Active Directory status: description: The overall status of the aggregation. enum: - Success - Failed - Terminated example: Success started: type: string format: date-time description: The date and time when the account aggregation started. example: '2020-06-29T22:01:50.474Z' completed: type: string format: date-time description: The date and time when the account aggregation finished. example: '2020-06-29T22:02:04.090Z' errors: nullable: true description: A list of errors that occurred during the aggregation. type: array items: type: string description: A descriptive error message. example: Accounts unable to be aggregated. warnings: nullable: true description: A list of warnings that occurred during the aggregation. type: array items: type: string description: A descriptive warning message. example: Account Skipped stats: type: object description: Overall statistics about the account aggregation. required: - scanned - unchanged - changed - added - removed properties: scanned: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which were scanned / iterated over. example: 200 unchanged: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which existed before, but had no changes. example: 190 changed: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which existed before, but had changes. example: 6 added: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which are new - have not existed before. example: 4 removed: type: integer minimum: 0 maximum: 2147483647 format: int32 description: The number accounts which existed before, but no longer exist (thus getting removed). example: 3 AccountAttributesChanged: title: Account Attributes Changed type: object required: - identity - source - account - changes properties: identity: required: - id - type - name type: object description: The identity whose account attributes were updated. properties: type: type: string description: DTO type of the identity whose account attributes were updated. enum: - IDENTITY example: IDENTITY id: type: string description: ID of the identity whose account attributes were updated. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Display name of the identity whose account attributes were updated. example: Michael Michaels source: required: - id - type - name type: object description: The source that contains the account. properties: id: description: ID of the object to which this reference applies type: string example: 4e4d982dddff4267ab12f0f1e72b5a6d type: type: string enum: - SOURCE example: SOURCE description: The type of object that is referenced name: type: string description: Human-readable display name of the object to which this reference applies example: Corporate Active Directory account: type: object description: Details of the account where the attributes changed. required: - id - uuid - name - nativeIdentity - type properties: id: type: string description: SailPoint generated unique identifier. example: 52170a74-ca89-11ea-87d0-0242ac130003 uuid: nullable: true type: string description: The source's unique identifier for the account. UUID is generated by the source system. example: 1cb1f07d-3e5a-4431-becd-234fa4306108 name: type: string description: Name of the account. example: john.doe nativeIdentity: type: string description: Unique ID of the account on the source. example: cn=john.doe,ou=users,dc=acme,dc=com type: enum: - ACCOUNT description: The type of the account example: ACCOUNT changes: type: array description: A list of attributes that changed. items: type: object required: - attribute - oldValue - newValue properties: attribute: type: string description: The name of the attribute. example: sn oldValue: description: The previous value of the attribute. nullable: true oneOf: - type: string - type: boolean - type: array items: nullable: true type: string example: doe newValue: description: The new value of the attribute. nullable: true oneOf: - type: string - type: boolean - type: array items: nullable: true type: string example: ryans AccountCorrelated: title: Account Correlated type: object required: - identity - source - account - attributes properties: identity: required: - type - name - id type: object description: Identity the account is correlated with. properties: type: type: string description: DTO type of the identity the account is correlated with. enum: - IDENTITY example: IDENTITY id: type: string description: ID of the identity the account is correlated with. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Display name of the identity the account is correlated with. example: Michael Michaels source: required: - id - type - name type: object description: The source the accounts are being correlated from. properties: type: type: string description: The DTO type of the source the accounts are being correlated from. enum: - SOURCE example: SOURCE id: type: string description: The ID of the source the accounts are being correlated from. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Display name of the source the accounts are being correlated from. example: HR Active Directory account: type: object description: The correlated account. required: - id - name - nativeIdentity - type properties: type: type: string description: The correlated account's DTO type. enum: - ACCOUNT example: ACCOUNT id: type: string description: The correlated account's ID. example: 98da47c31df444558c211f9b205184f6 name: type: string description: The correlated account's display name. example: Brian Mendoza nativeIdentity: type: string description: Unique ID of the account on the source. example: cn=john.doe,ou=users,dc=acme,dc=com uuid: nullable: true type: string description: The source's unique identifier for the account. UUID is generated by the source system. example: 1cb1f07d-3e5a-4431-becd-234fa4306108 attributes: type: object description: The attributes associated with the account. Attributes are unique per source. additionalProperties: true example: sn: doe givenName: john memberOf: - cn=g1,ou=groups,dc=acme,dc=com - cn=g2,ou=groups,dc=acme,dc=com - cn=g3,ou=groups,dc=acme,dc=com entitlementCount: type: integer format: int32 description: The number of entitlements associated with this account. example: 0 AccountsCollectedForAggregation: title: Accounts Collected for Aggregation type: object required: - source - status - started - completed - errors - warnings - stats properties: source: required: - id - type - name type: object description: Reference to the source that has been aggregated. properties: id: description: ID of the object to which this reference applies type: string example: 4e4d982dddff4267ab12f0f1e72b5a6d type: type: string enum: - SOURCE example: SOURCE description: The type of object that is referenced name: type: string description: Human-readable display name of the object to which this reference applies example: Corporate Active Directory status: description: The overall status of the collection. enum: - Success - Failed - Terminated example: Success started: type: string format: date-time description: The date and time when the account collection started. example: '2020-06-29T22:01:50.474Z' completed: type: string format: date-time description: The date and time when the account collection finished. example: '2020-06-29T22:02:04.090Z' errors: nullable: true description: A list of errors that occurred during the collection. type: array items: type: string description: A descriptive error message. example: Unable to collect accounts for aggregation. warnings: nullable: true description: A list of warnings that occurred during the collection. type: array items: type: string description: A descriptive warning message. example: Account Skipped stats: type: object description: Overall statistics about the account collection. required: - scanned - unchanged - changed - added - removed properties: scanned: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which were scanned / iterated over. example: 200 unchanged: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which existed before, but had no changes. example: 190 changed: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which existed before, but had changes. example: 6 added: type: integer format: int32 minimum: 0 maximum: 2147483647 description: The number of accounts which are new - have not existed before. example: 4 removed: type: integer minimum: 0 maximum: 2147483647 format: int32 description: The number accounts which existed before, but no longer exist (thus getting removed). example: 3 AccountUncorrelated: title: Account Uncorrelated type: object required: - identity - source - account properties: identity: required: - type - name - id type: object description: Identity the account is uncorrelated with. properties: type: type: string description: DTO type of the identity the account is uncorrelated with. enum: - IDENTITY example: IDENTITY id: type: string description: ID of the identity the account is uncorrelated with. example: 2c3780a46faadee4016fb4e018c20652 name: type: string description: Display name of the identity the account is uncorrelated with. example: Allen Albertson source: required: - type - name - id type: object description: The source the accounts are uncorrelated from. properties: type: type: string description: The DTO type of the source the accounts are uncorrelated from. enum: - SOURCE example: SOURCE id: type: string description: The ID of the source the accounts are uncorrelated from. example: 2c6180835d191a86015d28455b4b231b name: type: string description: Display name of the source the accounts are uncorrelated from. example: Corporate Directory account: type: object description: Uncorrelated account. required: - id - name - nativeIdentity - type properties: type: enum: - ACCOUNT description: Uncorrelated account's DTO type. example: ACCOUNT id: type: string description: Uncorrelated account's ID. example: 4dd497e3723e439991cb6d0e478375dd name: type: string description: Uncorrelated account's display name. example: Sadie Jensen nativeIdentity: type: string description: Unique ID of the account on the source. example: cn=john.doe,ou=users,dc=acme,dc=com uuid: nullable: true type: string description: The source's unique identifier for the account. UUID is generated by the source system. example: 1cb1f07d-3e5a-4431-becd-234fa4306108 entitlementCount: type: integer format: int32 description: The number of entitlements associated with this account. example: 0 CampaignActivated: title: Campaign Activated type: object required: - campaign properties: campaign: type: object description: Details about the certification campaign that was activated. required: - id - name - description - created - deadline - type - campaignOwner - status properties: id: type: string description: Unique ID for the campaign. example: 2c91808576f886190176f88cac5a0010 name: type: string description: The human friendly name of the campaign. example: Manager Access Campaign description: type: string description: Extended description of the campaign. example: Audit access for all employees. created: type: string format: date-time description: The date and time the campaign was created. example: '2021-02-16T03:04:45.815Z' modified: nullable: true type: string format: date-time description: The date and time the campaign was last modified. example: '2021-02-16T03:06:45.815Z' deadline: type: string format: date-time description: The date and time the campaign is due. example: '2021-03-16T03:04:45.815Z' type: description: The type of campaign. enum: - MANAGER - SOURCE_OWNER - SEARCH - ROLE_COMPOSITION example: MANAGER campaignOwner: type: object description: Details of the identity that owns the campaign. required: - id - displayName - email properties: id: type: string description: The unique ID of the identity. example: 37f080867702c1910177031320c40n27 displayName: type: string description: The human friendly name of the identity. example: John Snow email: type: string description: The primary email address of the identity. example: john.snow@example.com status: enum: - ACTIVE description: The current status of the campaign. example: ACTIVE CampaignEnded: title: Campaign Ended type: object required: - campaign properties: campaign: type: object description: Details about the certification campaign that ended. required: - id - name - description - created - deadline - type - campaignOwner - status properties: id: type: string description: Unique ID for the campaign. example: 2c91808576f886190176f88cac5a0010 name: type: string description: The human friendly name of the campaign. example: Manager Access Campaign description: type: string description: Extended description of the campaign. example: Audit access for all employees. created: type: string format: date-time description: The date and time the campaign was created. example: '2021-02-16T03:04:45.815Z' modified: nullable: true type: string format: date-time description: The date and time the campaign was last modified. example: '2021-03-16T03:06:45.815Z' deadline: type: string format: date-time description: The date and time the campaign is due. example: '2021-03-16T03:04:45.815Z' type: description: The type of campaign. enum: - MANAGER - SOURCE_OWNER - SEARCH - ROLE_COMPOSITION example: MANAGER campaignOwner: type: object description: Details of the identity that owns the campaign. required: - id - displayName - email properties: id: type: string description: The unique ID of the identity. example: 37f080867702c1910177031320c40n27 displayName: type: string description: The human friendly name of the identity. example: John Snow email: type: string description: The primary email address of the identity. example: john.snow@example.com status: enum: - COMPLETED description: The current status of the campaign. example: COMPLETED CampaignGenerated: title: Campaign Generated type: object required: - campaign properties: campaign: description: Details about the campaign that was generated. type: object required: - id - name - description - created - type - campaignOwner - status properties: id: type: string description: The unique ID of the campaign. example: 2c91808576f886190176f88cac5a0010 name: type: string description: Human friendly name of the campaign. example: Manager Access Campaign description: type: string description: Extended description of the campaign. example: Audit access for all employees. created: type: string format: date-time description: The date and time the campaign was created. example: '2021-02-16T03:04:45.815Z' modified: nullable: true type: string description: The date and time the campaign was last modified. example: '2021-02-17T03:04:45.815Z' deadline: nullable: true type: string description: The date and time when the campaign must be finished by. example: '2021-02-18T03:04:45.815Z' type: enum: - MANAGER - SOURCE_OWNER - SEARCH - ROLE_COMPOSITION description: The type of campaign that was generated. example: MANAGER campaignOwner: type: object description: The identity that owns the campaign. required: - id - displayName - email properties: id: type: string description: The unique ID of the identity. example: 37f080867702c1910177031320c40n27 displayName: type: string description: The display name of the identity. example: John Snow email: type: string description: The primary email address of the identity. example: john.snow@example.com status: enum: - STAGED - ACTIVATING - ACTIVE description: The current status of the campaign. example: STAGED CertificationDto: type: object title: Certification Dto required: - campaignRef - completed - decisionsMade - decisionsTotal - due - signed - reviewer - campaignOwner - hasErrors - phase - entitiesCompleted - entitiesTotal properties: campaignRef: $ref: '#/components/schemas/CampaignReference' phase: $ref: '#/components/schemas/CertificationPhase' due: type: string format: date-time description: The due date of the certification. example: '2018-10-19T13:49:37.385Z' signed: type: string format: date-time description: The date the reviewer signed off on the certification. example: '2018-10-19T13:49:37.385Z' reviewer: $ref: '#/components/schemas/Reviewer' description: A reference to the reviewer of the campaign. reassignment: $ref: '#/components/schemas/Reassignment' nullable: true description: A reference to a reviewer that this campaign has been reassigned to. hasErrors: type: boolean example: false description: Indicates it the certification has any errors. errorMessage: type: string nullable: true example: The certification has an error description: A message indicating what the error is. completed: type: boolean description: Indicates if all certification decisions have been made. example: false decisionsMade: type: integer description: The number of approve/revoke/acknowledge decisions that have been made by the reviewer. example: 20 format: int32 decisionsTotal: type: integer description: The total number of approve/revoke/acknowledge decisions for the certification. example: 40 format: int32 entitiesCompleted: type: integer description: The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete. example: 5 format: int32 entitiesTotal: type: integer format: int32 description: The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete. example: 10 CertificationSignedOff: title: Certification Signed Off type: object required: - certification properties: certification: description: The certification campaign that was signed off on. required: - id - name - created allOf: - $ref: '#/components/schemas/CertificationDto' properties: id: type: string description: Unique ID of the certification. example: 2c91808576f886190176f88caf0d0067 name: type: string description: The name of the certification. example: Manager Access Review for Alice Baker created: type: string format: date-time description: The date and time the certification was created. example: '2020-02-16T03:04:45.815Z' modified: nullable: true type: string format: date-time description: The date and time the certification was last modified. example: '2020-02-16T03:06:45.815Z' IdentityAttributesChanged: title: Identity Attributes Changed type: object required: - identity - changes properties: identity: required: - id - type - name type: object description: Identity whose attributes changed. properties: type: type: string description: DTO type of identity whose attributes changed. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity whose attributes changed. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Display name of identity whose attributes changed. example: Michael Michaels changes: description: A list of one or more identity attributes that changed on the identity. type: array items: type: object required: - attribute properties: attribute: type: string description: The name of the identity attribute that changed. example: department oldValue: description: The value of the identity attribute before it changed. nullable: true example: sales oneOf: - type: string - type: boolean - type: array items: type: string - type: object nullable: true additionalProperties: oneOf: - type: string - type: number - type: integer - type: boolean newValue: description: The value of the identity attribute after it changed. example: marketing oneOf: - type: string - type: boolean - type: array items: type: string - type: object nullable: true additionalProperties: oneOf: - type: string - type: number - type: integer - type: boolean IdentityCreated: title: Identity Created type: object required: - identity - attributes properties: identity: required: - id - type - name type: object description: Created identity. properties: type: type: string description: Created identity's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Created identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Created identity's display name. example: Michael Michaels attributes: type: object description: The attributes assigned to the identity. Attributes are determined by the identity profile. additionalProperties: true example: firstname: John IdentityDeleted: title: Identity Deleted type: object required: - identity - attributes properties: identity: required: - id - type - name type: object description: Deleted identity. properties: type: type: string description: Deleted identity's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Deleted identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Deleted identity's display name. example: Michael Michaels attributes: type: object description: The attributes assigned to the identity. Attributes are determined by the identity profile. additionalProperties: true example: firstname: John ProvisioningCompleted: title: Provisioning Completed type: object required: - trackingNumber - sources - recipient - accountRequests properties: trackingNumber: type: string description: The reference number of the provisioning request. Useful for tracking status in the Account Activity search interface. example: 4b4d982dddff4267ab12f0f1e72b5a6d sources: type: string description: One or more sources that the provisioning transaction(s) were done against. Sources are comma separated. example: Corp AD, Corp LDAP, Corp Salesforce action: nullable: true type: string description: Origin of where the provisioning request came from. example: IdentityRefresh errors: nullable: true description: A list of any accumulated error messages that occurred during provisioning. type: array items: type: string example: Connector AD Failed warnings: nullable: true description: A list of any accumulated warning messages that occurred during provisioning. type: array items: type: string example: Notification Skipped due to invalid email recipient: required: - id - type - name type: object description: Provisioning recpient. properties: type: type: string description: Provisioning recipient DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Provisioning recipient's identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Provisioning recipient's display name. example: Michael Michaels requester: nullable: true required: - id - type - name type: object description: Provisioning requester's identity. properties: type: type: string description: Provisioning requester's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Provisioning requester's identity ID. example: 2c7180a46faadee4016fb4e018c20648 name: type: string description: Provisioning owner's human-readable display name. example: William Wilson accountRequests: type: array description: A list of provisioning instructions to perform on an account-by-account basis. items: type: object required: - source - accountOperation - provisioningResult - provisioningTarget properties: source: required: - id - type - name type: object description: Reference to the source being provisioned against. properties: id: description: ID of the object to which this reference applies type: string example: 4e4d982dddff4267ab12f0f1e72b5a6d type: type: string enum: - SOURCE example: SOURCE description: The type of object that is referenced name: type: string description: Human-readable display name of the object to which this reference applies example: Corporate Active Directory accountId: type: string description: The unique idenfier of the account being provisioned. example: CN=Chewy.Bacca,ou=hardcorefigter,ou=wookies,dc=starwars,dc=com accountOperation: type: string description: The provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete. example: Modify provisioningResult: description: The overall result of the provisioning transaction; this could be success, pending, failed, etc. enum: - SUCCESS - PENDING - FAILED example: SUCCESS provisioningTarget: type: string description: The name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM). example: Corp AD ticketId: nullable: true type: string description: A reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM). example: '72619262' attributeRequests: nullable: true description: A list of attributes as part of the provisioning transaction. type: array items: type: object required: - attributeName - operation properties: attributeName: type: string description: The name of the attribute being provisioned. example: memberOf attributeValue: nullable: true type: string description: The value of the attribute being provisioned. example: CN=jedi,DC=starwars,DC=com operation: enum: - Add - Set - Remove description: The operation to handle the attribute. example: Add SavedSearchComplete: title: Saved Search Complete type: object required: - fileName - ownerEmail - ownerName - query - searchName - searchResults - signedS3Url properties: fileName: type: string description: A name for the report file. example: Modified.zip ownerEmail: type: string description: The email address of the identity that owns the saved search. example: test@sailpoint.com ownerName: type: string description: The name of the identity that owns the saved search. example: Cloud Support query: type: string description: The search query that was used to generate the report. example: modified:[now-7y/d TO now] searchName: type: string description: The name of the saved search. example: Modified Activity searchResults: type: object description: A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type. properties: Account: description: A table of accounts that match the search criteria. nullable: true type: object required: - count - noun - preview properties: count: type: string description: The number of rows in the table. example: 3 noun: type: string description: The type of object represented in the table. example: accounts preview: description: A sample of the data in the table. type: array items: type: array items: type: string example: Robert.Chase example: [] Entitlement: description: A table of entitlements that match the search criteria. nullable: true type: object required: - count - noun - preview properties: count: type: string description: The number of rows in the table. example: 2 noun: type: string description: The type of object represented in the table. example: entitlements preview: description: A sample of the data in the table. type: array items: type: array items: type: string example: Administrator example: [] Identity: description: A table of identities that match the search criteria. nullable: true type: object required: - count - noun - preview properties: count: type: string description: The number of rows in the table. example: 2 noun: type: string description: The type of object represented in the table. example: identities preview: description: A sample of the data in the table. type: array items: type: array items: type: string example: Carol Shelby example: [] signedS3Url: type: string description: The Amazon S3 URL to download the report from. example: https://sptcbu-org-data-useast1.s3.amazonaws.com/arsenal-john/reports/Events%20Export.2020-05-06%2018%2759%20GMT.3e580592-86e4-4953-8aea-49e6ef20a086.zip?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20200506T185919Z&X-Amz-SignedHeaders=host&X-Amz-Expires=899&X-Amz-Credential=AKIAV5E54XOGTS4Q4L7A%2F20200506%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2e732bb97a12a1fd8a215613e3c31fcdae8ba1fb6a25916843ab5b51d2ddefbc SourceAccountCreated: title: Source Account Created type: object required: - id - nativeIdentifier - sourceId - sourceName - identityId - identityName - attributes properties: uuid: type: string description: Source unique identifier for the identity. UUID is generated by the source system. example: b7264868-7201-415f-9118-b581d431c688 id: type: string description: SailPoint generated unique identifier. example: ee769173319b41d19ccec35ba52f237b nativeIdentifier: type: string description: Unique ID of the account on the source. example: E009 sourceId: type: string description: The ID of the source. example: 2c918082814e693601816e09471b29b6 sourceName: type: string description: The name of the source. example: Active Directory identityId: type: string description: The ID of the identity that is correlated with this account. example: ee769173319b41d19ccec6c235423237b identityName: type: string description: The name of the identity that is correlated with this account. example: john.doe attributes: type: object additionalProperties: true description: The attributes of the account. The contents of attributes depends on the account schema for the source. example: firstname: John lastname: Doe email: john.doe@gmail.com department: Sales displayName: John Doe created: '2020-04-27T16:48:33.597Z' employeeNumber: E009 uid: E009 inactive: 'true' phone: null identificationNumber: E009 SourceAccountDeleted: title: Source Account Deleted type: object required: - id - nativeIdentifier - sourceId - sourceName - identityId - identityName - attributes properties: uuid: type: string description: Source unique identifier for the identity. UUID is generated by the source system. example: b7264868-7201-415f-9118-b581d431c688 id: type: string description: SailPoint generated unique identifier. example: ee769173319b41d19ccec35ba52f237b nativeIdentifier: type: string description: Unique ID of the account on the source. example: E009 sourceId: type: string description: The ID of the source. example: 2c918082814e693601816e09471b29b6 sourceName: type: string description: The name of the source. example: Active Directory identityId: type: string description: The ID of the identity that is correlated with this account. example: ee769173319b41d19ccec6c235423237b identityName: type: string description: The name of the identity that is correlated with this account. example: john.doe attributes: type: object additionalProperties: true description: The attributes of the account. The contents of attributes depends on the account schema for the source. example: firstname: John lastname: Doe email: john.doe@gmail.com department: Sales displayName: John Doe created: '2020-04-27T16:48:33.597Z' employeeNumber: E009 uid: E009 inactive: 'true' phone: null identificationNumber: E009 SourceAccountUpdated: title: Source Account Updated type: object required: - id - nativeIdentifier - sourceId - sourceName - identityId - identityName - attributes properties: uuid: type: string description: Source unique identifier for the identity. UUID is generated by the source system. example: b7264868-7201-415f-9118-b581d431c688 id: type: string description: SailPoint generated unique identifier. example: ee769173319b41d19ccec35ba52f237b nativeIdentifier: type: string description: Unique ID of the account on the source. example: E009 sourceId: type: string description: The ID of the source. example: 2c918082814e693601816e09471b29b6 sourceName: type: string description: The name of the source. example: Active Directory identityId: type: string description: The ID of the identity that is correlated with this account. example: ee769173319b41d19ccec6c235423237b identityName: type: string description: The name of the identity that is correlated with this account. example: john.doe attributes: type: object additionalProperties: true description: The attributes of the account. The contents of attributes depends on the account schema for the source. example: firstname: John lastname: Doe email: john.doe@gmail.com department: Sales displayName: John Doe created: '2020-04-27T16:48:33.597Z' employeeNumber: E009 uid: E009 inactive: 'true' phone: null identificationNumber: E009 SourceCreated: title: Source Created type: object required: - id - name - type - created - connector - actor properties: id: type: string description: The unique ID of the source. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: Human friendly name of the source. example: Test source type: type: string description: The connection type. example: DIRECT_CONNECT created: type: string format: date-time description: The date and time the source was created. example: '2021-03-29T22:01:50.474Z' connector: type: string description: The connector type used to connect to the source. example: active-directory actor: required: - id - name - type type: object description: Identity who created the source. properties: type: type: string description: DTO type of identity who created the source. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity who created the source. example: 2c7180a46faadee4016fb4e018c20648 name: type: string description: Display name of identity who created the source. example: William Wilson SourceDeleted: title: Source Deleted type: object required: - id - name - type - deleted - connector - actor properties: id: type: string description: The unique ID of the source. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: Human friendly name of the source. example: Test source type: type: string description: The connection type. example: DIRECT_CONNECT deleted: type: string format: date-time description: The date and time the source was deleted. example: '2021-03-29T22:01:50.474Z' connector: type: string description: The connector type used to connect to the source. example: active-directory actor: required: - id - name - type type: object description: Identity who deleted the source. properties: type: type: string description: DTO type of identity who deleted the source. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity who deleted the source. example: 2c7180a46faadee4016fb4e018c20648 name: type: string description: Display name of identity who deleted the source. example: William Wilson SourceUpdated: title: Source Updated type: object required: - id - name - type - modified - connector - actor properties: id: type: string description: The unique ID of the source. example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: The user friendly name of the source. example: Corporate Active Directory type: type: string description: The connection type of the source. example: DIRECT_CONNECT modified: type: string format: date-time description: The date and time the source was modified. example: '2021-03-29T22:01:50.474Z' connector: type: string description: The connector type used to connect to the source. example: active-directory actor: required: - type - name type: object description: Identity who updated the source. properties: type: type: string description: DTO type of identity who updated the source. enum: - IDENTITY example: IDENTITY id: type: string description: ID of identity who updated the source. example: 2c7180a46faadee4016fb4e018c20648 name: type: string description: Display name of identity who updated the source. example: William Wilson VAClusterStatusChangeEvent: title: VA Cluster Status Change Event type: object required: - created - type - application - healthCheckResult - previousHealthCheckResult properties: created: type: string format: date-time description: The date and time the status change occurred. example: '2020-06-29T22:01:50.474Z' type: enum: - SOURCE - CLUSTER description: The type of the object that initiated this event. example: CLUSTER application: type: object description: Details about the `CLUSTER` or `SOURCE` that initiated this event. required: - id - name - attributes properties: id: type: string description: The GUID of the application example: 2c9180866166b5b0016167c32ef31a66 name: type: string description: The name of the application example: Production VA Cluster attributes: type: object description: Custom map of attributes for a source. This will only be populated if type is `SOURCE` and the source has a proxy. additionalProperties: true nullable: true example: null healthCheckResult: type: object description: The results of the most recent health check. required: - message - resultType - status properties: message: type: string description: Detailed message of the result of the health check. example: Test Connection failed with exception. Error message - java.lang Exception resultType: type: string description: The type of the health check result. example: SOURCE_STATE_ERROR_CLUSTER status: enum: - Succeeded - Failed description: The status of the health check. example: Succeeded previousHealthCheckResult: type: object description: The results of the last health check. required: - message - resultType - status properties: message: type: string description: Detailed message of the result of the health check. example: Test Connection failed with exception. Error message - java.lang Exception resultType: type: string description: The type of the health check result. example: SOURCE_STATE_ERROR_CLUSTER status: enum: - Succeeded - Failed description: The status of the health check. example: Failed AccessRequestDynamicApprover-2: title: Access Request Dynamic Approver type: object nullable: true required: - id - name - type properties: id: type: string description: The unique ID of the identity to add to the approver list for the access request. example: 2c91808b6ef1d43e016efba0ce470906 name: type: string description: The name of the identity to add to the approver list for the access request. example: Adam Adams type: enum: - IDENTITY - GOVERNANCE_GROUP description: The type of object being referenced. example: IDENTITY AccessRequestPreApproval-2: title: Access Request Pre Approval type: object required: - approved - comment - approver properties: approved: type: boolean description: Whether or not to approve the access request. example: false comment: type: string description: A comment about the decision to approve or deny the request. example: This access should be denied, because this will cause an SOD violation. approver: type: string description: The name of the entity that approved or denied the request. example: AcmeCorpExternalIntegration Trigger: type: object title: Trigger required: - id - name - type - inputSchema - exampleInput properties: id: type: string description: Unique identifier of the trigger. example: idn:access-request-dynamic-approver name: type: string description: Trigger Name. example: Access Request Dynamic Approver type: $ref: '#/components/schemas/TriggerType' example: REQUEST_RESPONSE description: type: string description: Trigger Description. example: Trigger for getting a dynamic approver. inputSchema: type: string description: The JSON schema of the payload that will be sent by the trigger to the subscribed service. example: '{"definitions":{"record:AccessRequestDynamicApproverInput":{"type":"object","required":["accessRequestId","requestedFor","requestedItems","requestedBy"],"additionalProperties":true,"properties":{"accessRequestId":{"type":"string"},"requestedFor":{"$ref":"#/definitions/record:requestedForIdentityRef"},"requestedItems":{"type":"array","items":{"$ref":"#/definitions/record:requestedObjectRef"}},"requestedBy":{"$ref":"#/definitions/record:requestedByIdentityRef"}}},"record:requestedForIdentityRef":{"type":"object","required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}},"record:requestedObjectRef":{"type":"object","optional":["description","comment"],"required":["id","name","type","operation"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"description":{"oneOf":[{"type":"null"},{"type":"string"}]},"type":{"type":"string"},"operation":{"type":"string"},"comment":{"oneOf":[{"type":"null"},{"type":"string"}]}}},"record:requestedByIdentityRef":{"type":"object","required":["type","id","name"],"additionalProperties":true,"properties":{"type":{"type":"string"},"id":{"type":"string"},"name":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverInput"}' exampleInput: description: An example of the JSON payload that will be sent by the trigger to the subscribed service. oneOf: - $ref: '#/components/schemas/AccessRequestDynamicApprover' - $ref: '#/components/schemas/AccessRequestPostApproval' - $ref: '#/components/schemas/AccessRequestPreApproval' - $ref: '#/components/schemas/AccountAggregationCompleted' - $ref: '#/components/schemas/AccountAttributesChanged' - $ref: '#/components/schemas/AccountCorrelated' - $ref: '#/components/schemas/AccountsCollectedForAggregation' - $ref: '#/components/schemas/AccountUncorrelated' - $ref: '#/components/schemas/CampaignActivated' - $ref: '#/components/schemas/CampaignEnded' - $ref: '#/components/schemas/CampaignGenerated' - $ref: '#/components/schemas/CertificationSignedOff' - $ref: '#/components/schemas/IdentityAttributesChanged' - $ref: '#/components/schemas/IdentityCreated' - $ref: '#/components/schemas/IdentityDeleted' - $ref: '#/components/schemas/ProvisioningCompleted' - $ref: '#/components/schemas/SavedSearchComplete' - $ref: '#/components/schemas/SourceAccountCreated' - $ref: '#/components/schemas/SourceAccountDeleted' - $ref: '#/components/schemas/SourceAccountUpdated' - $ref: '#/components/schemas/SourceCreated' - $ref: '#/components/schemas/SourceDeleted' - $ref: '#/components/schemas/SourceUpdated' - $ref: '#/components/schemas/VAClusterStatusChangeEvent' outputSchema: type: string description: The JSON schema of the response that will be sent by the subscribed service to the trigger in response to an event. This only applies to a trigger type of `REQUEST_RESPONSE`. nullable: true example: '{"definitions":{"record:AccessRequestDynamicApproverOutput":{"type":["null","object"],"required":["id","name","type"],"additionalProperties":true,"properties":{"id":{"type":"string"},"name":{"type":"string"},"type":{"type":"string"}}}},"$ref":"#/definitions/record:AccessRequestDynamicApproverOutput"}' exampleOutput: description: An example of the JSON payload that will be sent by the subscribed service to the trigger in response to an event. nullable: true oneOf: - $ref: '#/components/schemas/AccessRequestDynamicApprover-2' - $ref: '#/components/schemas/AccessRequestPreApproval-2' SubscriptionType: type: string enum: - HTTP - EVENTBRIDGE - INLINE - SCRIPT - WORKFLOW description: Subscription type. **NOTE** If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required. example: HTTP HttpDispatchMode: type: string description: HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC. enum: - SYNC - ASYNC - DYNAMIC example: SYNC HttpAuthenticationType: type: string description: |- Defines the HTTP Authentication type. Additional values may be added in the future. If *NO_AUTH* is selected, no extra information will be in HttpConfig. If *BASIC_AUTH* is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings. If *BEARER_TOKEN* is selected, HttpConfig will include BearerTokenAuthConfig with Token as string. enum: - NO_AUTH - BASIC_AUTH - BEARER_TOKEN default: NO_AUTH example: BASIC_AUTH BasicAuthConfig: type: object title: Basic Auth Config properties: userName: type: string description: The username to authenticate. example: user@example.com password: type: string nullable: true description: The password to authenticate. On response, this field is set to null as to not return secrets. example: null nullable: true description: Config required if BASIC_AUTH is used. BearerTokenAuthConfig: type: object title: Bearer Token Auth Config properties: bearerToken: type: string nullable: true description: Bearer token example: null nullable: true description: Config required if BEARER_TOKEN authentication is used. On response, this field is set to null as to not return secrets. HttpConfig: type: object title: Http Config properties: url: type: string description: URL of the external/custom integration. example: https://www.example.com httpDispatchMode: $ref: '#/components/schemas/HttpDispatchMode' httpAuthenticationType: $ref: '#/components/schemas/HttpAuthenticationType' basicAuthConfig: $ref: '#/components/schemas/BasicAuthConfig' bearerTokenAuthConfig: $ref: '#/components/schemas/BearerTokenAuthConfig' required: - url - httpDispatchMode EventBridgeConfig: type: object title: Event Bridge Config properties: awsAccount: type: string description: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource. example: '123456789012' awsRegion: type: string description: AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values. example: us-west-1 required: - awsAccount - awsRegion Subscription: type: object title: Subscription required: - id - triggerId - type - name - triggerName - enabled properties: id: type: string description: Subscription ID. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde name: type: string description: Subscription name. example: Access request subscription description: type: string description: Subscription description. example: Access requested to site xyz triggerId: type: string description: ID of trigger subscribed to. example: idn:access-request-post-approval triggerName: type: string description: Trigger name of trigger subscribed to. example: Access Requested type: $ref: '#/components/schemas/SubscriptionType' responseDeadline: type: string description: Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format. example: PT1H default: PT1H httpConfig: description: Config required if HTTP subscription type is used. $ref: '#/components/schemas/HttpConfig' eventBridgeConfig: description: Config required if EVENTBRIDGE subscription type is used. $ref: '#/components/schemas/EventBridgeConfig' enabled: type: boolean description: |- Whether subscription should receive real-time trigger invocations or not. Test trigger invocations are always enabled regardless of this option. default: true example: true filter: type: string description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. example: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] externalDocs: description: JSONPath filter documentation url: https://developer.sailpoint.com/docs/extensibility/event-triggers/filtering-events SubscriptionPostRequest: type: object title: Subscription Post Request required: - triggerId - type - name properties: name: type: string description: Subscription name. example: Access request subscription description: type: string description: Subscription description. example: Access requested to site xyz triggerId: type: string description: ID of trigger subscribed to. example: idn:access-requested type: $ref: '#/components/schemas/SubscriptionType' responseDeadline: type: string description: Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format. example: PT1H default: PT1H httpConfig: description: Config required if HTTP subscription type is used. $ref: '#/components/schemas/HttpConfig' eventBridgeConfig: description: Config required if EVENTBRIDGE subscription type is used. $ref: '#/components/schemas/EventBridgeConfig' enabled: type: boolean description: |- Whether subscription should receive real-time trigger invocations or not. Test trigger invocations are always enabled regardless of this option. default: true example: true filter: type: string description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. example: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] externalDocs: description: JSONPath filter documentation url: https://developer.sailpoint.com/docs/extensibility/event-triggers/filtering-events SubscriptionPutRequest: type: object title: Subscription Put Request properties: name: type: string description: Subscription name. example: Access request subscription description: type: string description: Subscription description. example: Access requested to site xyz type: $ref: '#/components/schemas/SubscriptionType' responseDeadline: type: string description: Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format. example: PT1H default: PT1H httpConfig: description: Config required if HTTP subscription type is used. $ref: '#/components/schemas/HttpConfig' eventBridgeConfig: description: Config required if EVENTBRIDGE subscription type is used. $ref: '#/components/schemas/EventBridgeConfig' enabled: type: boolean description: |- Whether subscription should receive real-time trigger invocations or not. Test trigger invocations are always enabled regardless of this option. default: true example: true filter: type: string description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. example: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] externalDocs: description: JSONPath filter documentation url: https://developer.sailpoint.com/docs/extensibility/event-triggers/filtering-events SubscriptionPatchRequest: description: Operations to be applied type: array items: type: object description: A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902) required: - op - path properties: op: type: string description: The operation to be performed enum: - add - remove - replace - move - copy example: replace path: type: string description: A string JSON Pointer representing the target path to an element to be affected by the operation example: /description value: anyOf: - type: string - type: integer - type: object - type: array items: anyOf: - type: string - type: integer - type: object description: The value to be used for the operation, required for "add" and "replace" operations example: New description example: - op: replace path: /description value: A new description - op: replace path: /name value: A new name ValidateFilterInputDto: type: object title: Validate Filter Input Dto properties: input: type: object description: Mock input to evaluate filter expression against. example: identityId: 201327fda1c44704ac01181e963d463c filter: type: string description: JSONPath filter to conditionally invoke trigger when expression evaluates to true. example: $[?($.identityId == "201327fda1c44704ac01181e963d463c")] externalDocs: description: JSONPath filter documentation url: https://developer.sailpoint.com/docs/extensibility/event-triggers/filtering-events required: - input - filter ValidateFilterOutputDto: type: object title: Validate Filter Output Dto properties: isValid: type: boolean default: false description: When this field is true, the filter expression is valid against the input. example: true isValidJSONPath: type: boolean default: false description: When this field is true, the filter expression is using a valid JSON path. example: true isPathExist: type: boolean default: false description: When this field is true, the filter expression is using an existing path. example: true InvocationStatusType: type: string description: |- Defines the Invocation type. **TEST** The trigger was invocated as a test, either via the test subscription button in the UI or via the start test invocation API. **REAL_TIME** The trigger subscription is live and was invocated by a real event in IdentityNow. enum: - TEST - REAL_TIME example: TEST StartInvocationInput: type: object title: Start Invocation Input properties: triggerId: type: string description: Trigger ID example: idn:access-requested input: type: object example: identityId: 201327fda1c44704ac01181e963d463c description: Trigger input payload. Its schema is defined in the trigger definition. contentJson: type: object example: workflowId: 1234 description: JSON map of invocation metadata CompleteInvocationInput: type: object title: Complete Invocation Input properties: localizedError: $ref: '#/components/schemas/LocalizedMessage' output: type: object nullable: true example: approved: false description: Trigger output that completed the invocation. Its schema is defined in the trigger definition. InvocationStatus: type: object title: Invocation Status required: - id - triggerId - subscriptionId - startInvocationInput - type - subscriptionName - created properties: id: type: string description: Invocation ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde triggerId: type: string description: Trigger ID example: idn:access-request-post-approval subscriptionName: type: string description: Subscription name example: Access request subscription subscriptionId: type: string description: Subscription ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde type: $ref: '#/components/schemas/InvocationStatusType' created: type: string format: date-time description: Invocation created timestamp. ISO-8601 in UTC. example: '2020-03-27T20:40:10.738Z' completed: type: string format: date-time description: Invocation completed timestamp; empty fields imply invocation is in-flight or not completed. ISO-8601 in UTC. example: '2020-03-27T20:42:14.738Z' startInvocationInput: $ref: '#/components/schemas/StartInvocationInput' description: Data related to start of trigger invocation. completeInvocationInput: $ref: '#/components/schemas/CompleteInvocationInput' description: Data related to end of trigger invocation. CompleteInvocation: type: object title: Complete Invocation properties: secret: type: string description: Unique invocation secret that was generated when the invocation was created. Required to authenticate to the endpoint. example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde error: type: string description: The error message to indicate a failed invocation or error if any. example: Access request is denied. output: type: object example: approved: false description: Trigger output to complete the invocation. Its schema is defined in the trigger definition. required: - secret - output TestInvocation: type: object title: Test Invocation properties: triggerId: type: string example: idn:access-request-post-approval description: Trigger ID input: type: object example: identityId: 201327fda1c44704ac01181e963d463c description: Mock input to use for test invocation. This must adhere to the input schema defined in the trigger being invoked. If this property is omitted, then the default trigger sample payload will be sent. contentJson: type: object example: workflowId: 1234 description: JSON map of invocation metadata. subscriptionIds: type: array items: type: string example: - 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde description: Only send the test event to the subscription IDs listed. If omitted, the test event will be sent to all subscribers. required: - triggerId - contentJson Invocation: type: object title: Invocation properties: id: type: string description: Invocation ID example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde triggerId: type: string description: Trigger ID example: idn:access-requested secret: type: string description: Unique invocation secret. example: 0f979022-08be-44f2-b6f9-7393ec73ed9b contentJson: type: object example: workflowId: 1234 description: JSON map of invocation metadata. TenantUiMetadataItemResponse: type: object properties: iframeWhiteList: type: string nullable: true description: Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset. example: http://example.com http://example2.com usernameLabel: type: string nullable: true description: Descriptor for the username input field. If you would like to reset the value use "null". example: Email usernameEmptyText: type: string nullable: true description: Placeholder text displayed in the username input field. If you would like to reset the value use "null". example: Please provide your work email address... TenantUiMetadataItemUpdateRequest: type: object properties: iframeWhiteList: type: string nullable: true description: Parameter that organizational administrators can adjust to permit another domain to encapsulate IDN within an iframe. If you would like to reset the value use "null". It will only allow include into iframe non authenticated portions of the product, such as password reset. example: http://example.com http://example2.com usernameLabel: type: string nullable: true description: Descriptor for the username input field. If you would like to reset the value use "null". example: Email usernameEmptyText: type: string nullable: true description: Placeholder text displayed in the username input field. If you would like to reset the value use "null". example: Please provide your work email address... EmailStatusDto: type: object title: Email Status Dto properties: id: type: string nullable: true email: type: string example: sender@example.com isVerifiedByDomain: type: boolean example: false verificationStatus: type: string enum: - PENDING - SUCCESS - FAILED DkimAttributes: type: object title: Dkim Attributes properties: id: type: string example: 123b45b0-aaaa-bbbb-a7db-123456a56abc description: UUID associated with domain to be verified address: type: string example: BobSmith@sailpoint.com description: The identity or domain address dkimEnabled: type: boolean default: false example: true description: Whether or not DKIM has been enabled for this domain / identity dkimTokens: type: array items: type: string example: - uq1m3jjk25ckd3whl4n7y46c56r5l6aq - u7pm38jky9ckdawhlsn7y4dcj6f5lpgq - uhpm3jjkjjckdkwhlqn7yw6cjer5tpay description: The tokens to be added to a DNS for verification dkimVerificationStatus: type: string example: Success description: The current status if the domain /identity has been verified. Ie Success, Failed, Pending description: DKIM attributes for a domain or identity DomainAddress: type: object title: Domain Address properties: domain: type: string example: sailpoint.com description: A domain address DomainStatusDto: type: object title: Domain Status Dto properties: id: type: string example: 123b45b0-aaaa-bbbb-a7db-123456a56abc description: New UUID associated with domain to be verified domain: type: string example: sailpoint.com description: A domain address dkimEnabled: default: false example: true description: DKIM is enabled for this domain dkimTokens: type: array items: type: string example: - token1 - token2 - token3 description: DKIM tokens required for authentication dkimVerificationStatus: type: string example: PENDING description: Status of DKIM authentication description: Domain status DTO containing everything required to verify via DKIM WorkgroupDto: type: object properties: owner: allOf: - $ref: '#/components/schemas/OwnerDto' - type: object properties: displayName: readOnly: true description: The display name of the identity type: string example: Support emailAddress: readOnly: true description: The primary email address of the identity type: string example: support@sailpoint.com description: Governance group owner. id: type: string description: Governance group ID. example: 2c91808568c529c60168cca6f90c1313 readOnly: true name: type: string description: Governance group name. example: DB Access Governance Group description: type: string description: Governance group description. example: Description of the Governance Group memberCount: type: integer format: int64 example: 1641498673000 readOnly: true description: Number of members in the governance group. connectionCount: type: integer format: int64 example: 1641498673000 description: Number of connections in the governance group. readOnly: true created: type: string format: date-time example: '2022-01-06T19:51:13Z' modified: type: string format: date-time example: '2022-01-06T19:51:13Z' WorkgroupBulkDeleteRequest: type: object properties: ids: description: List of IDs of Governance Groups to be deleted. type: array items: type: string example: - 567a697e-885b-495a-afc5-d55e1c23a302 - c7b0f7b2-1e78-4063-b294-a555333dacd2 WorkgroupDeleteItem: type: object properties: id: description: Id of the Governance Group. type: string example: 464ae7bf791e49fdb74606a2e4a89635 status: type: integer format: int32 description: | The HTTP response status code returned for an individual Governance Group that is requested for deletion during a bulk delete operation. > 204 - Governance Group deleted successfully. > 409 - Governance Group is in use,hence can not be deleted. > 404 - Governance Group not found. example: 204 description: description: | Human readable status description and containing additional context information about success or failures etc. example: | > Governance Group deleted successfully. > Unable to delete Governance Group f80bba83-98c4-4ec2-81c8-373c00e9663b because it is in use. > Referenced Governance Group 2b711763-ed35-42a2-a80c-8f1ce0dc4a7f was not found. type: string required: - id - status WorkgroupBulkDeleteResponse: description: Bulk remove Governance Groups Response. type: array items: $ref: '#/components/schemas/WorkgroupDeleteItem' example: - id: 464ae7bf791e49fdb74606a2e4a89635 status: 204 description: Governance Group deleted successfully. ConnectedObjectType: type: string enum: - ACCESS_PROFILE - ROLE - SOD_POLICY - SOURCE description: An enumeration of the types of Objects associated with a Governance Group. Supported object types are ACCESS_PROFILE, ROLE, SOD_POLICY and SOURCE. example: ACCESS_PROFILE ConnectedObject: type: object properties: type: allOf: - $ref: '#/components/schemas/ConnectedObjectType' - description: Connection Object type id: type: string description: ID of the object to which this reference applies example: 2c91808568c529c60168cca6f90c1313 name: type: string description: Human-readable name of Connected object example: Employee-database-read-write description: type: string nullable: true description: Description of the Connected object. example: Collection of entitlements to read/write the employee database. WorkgroupConnectionDto: type: object properties: object: allOf: - $ref: '#/components/schemas/ConnectedObject' - description: Connected object to Governance Group connectionType: description: Connection Type. type: string enum: - AccessRequestReviewer - Owner - ManagementWorkgroup example: AccessRequestReviewer BulkWorkgroupMembersRequest: description: List of identities to be added or removed to a Governance Group members list. type: array items: type: object description: Identity's basic details. properties: type: type: string description: Identity's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Identity ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Identity's display name. example: Michael Michaels example: - type: IDENTITY id: 464ae7bf791e49fdb74606a2e4a89635 name: Addie Smith WorkgroupMemberAddItem: type: object properties: id: description: Identifier of identity in bulk member add request. type: string example: 464ae7bf791e49fdb74606a2e4a89635 status: description: | The HTTP response status code returned for an individual member that is requested for addition during a bulk add operation. The HTTP response status code returned for an individual Governance Group is requested for deletion. > 201 - Identity is added into Governance Group members list. > 409 - Identity is already member of Governance Group. type: integer format: int32 example: 201 description: description: | Human readable status description and containing additional context information about success or failures etc. type: string example: | > Identity is added into Governance Group members list. > Unable to set Membership of Identity "3244d5f2d04447498520f54c6789ae33" to Governance Group "f80bba83-98c4-4ec2-81c8-373c00e9663b"; the relationship already exists. required: - id - status WorkgroupMemberBulkAddResponse: description: Bulk add Governance Group members Response. type: array items: $ref: '#/components/schemas/WorkgroupMemberAddItem' example: - id: 464ae7bf791e49fdb74606a2e4a89635 status: 201 description: Identity added to Governance Group members list. WorkgroupMemberDeleteItem: type: object properties: id: description: Identifier of identity in bulk member add /remove request. type: string example: 464ae7bf791e49fdb74606a2e4a89635 status: description: | The HTTP response status code returned for an individual member that is requested for deletion during a bulk delete operation. > 204 - Identity is removed from Governance Group members list. > 404 - Identity is not member of Governance Group. type: integer format: int32 example: 204 description: description: | Human readable status description and containing additional context information about success or failures etc. type: string example: | > Identity deleted from Governance Group members list. > Referenced Governance Group Member with Identity Id "bc3a744678534eb78a8002ee2085df64" was not found. required: - id - status WorkgroupMemberBulkDeleteResponse: description: Bulk add Governance Group members Response. type: array items: $ref: '#/components/schemas/WorkgroupMemberDeleteItem' example: - id: 464ae7bf791e49fdb74606a2e4a89635 status: 204 description: Identity deleted from Governance Group members list. FormOwner: properties: type: description: |- FormOwnerType value. IDENTITY FormOwnerTypeIdentity enum: - IDENTITY example: IDENTITY type: string x-go-enum-desc: IDENTITY FormOwnerTypeIdentity x-go-name: Type id: description: Unique identifier of the form's owner. example: 2c9180867624cbd7017642d8c8c81f67 type: string x-go-name: ID name: description: Name of the form's owner. example: Grant Smith type: string type: object x-go-package: github.com/sailpoint/sp-forms/domain FormUsedBy: properties: type: description: |- FormUsedByType value. WORKFLOW FormUsedByTypeWorkflow SOURCE FormUsedByTypeSource MySailPoint FormUsedByType enum: - WORKFLOW - SOURCE - MySailPoint example: WORKFLOW type: string x-go-enum-desc: |- WORKFLOW FormUsedByTypeWorkflow SOURCE FormUsedByTypeSource x-go-name: Type id: description: Unique identifier of the system using the form. example: 61940a92-5484-42bc-bc10-b9982b218cdf type: string x-go-name: ID name: description: Name of the system using the form. example: Access Request Form type: string type: object x-go-package: github.com/sailpoint/sp-forms/domain FormDefinitionInput: properties: id: description: Unique identifier for the form input. example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: ID type: description: |- FormDefinitionInputType value. STRING FormDefinitionInputTypeString enum: - STRING - ARRAY example: STRING type: string x-go-enum-desc: STRING FormDefinitionInputTypeString x-go-name: Type label: description: Name for the form input. example: input1 type: string x-go-name: Label description: description: Form input's description. example: A single dynamic scalar value (i.e. number, string, date, etc.) that can be passed into the form for use in conditional logic type: string x-go-name: Description type: object x-go-package: github.com/sailpoint/sp-forms/domain FormElementValidationsSet: description: Set of FormElementValidation items. type: object properties: validationType: description: The type of data validation that you wish to enforce, e.g., a required field, a minimum length, etc. example: REQUIRED type: string enum: - REQUIRED - MIN_LENGTH - MAX_LENGTH - REGEX - DATE - MAX_DATE - MIN_DATE - LESS_THAN_DATE - PHONE - EMAIL - DATA_SOURCE - TEXTAREA x-go-package: github.com/sailpoint/sp-forms/domain FormElement: properties: id: description: Form element identifier. example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: ID elementType: description: |- FormElementType value. TEXT FormElementTypeText TOGGLE FormElementTypeToggle TEXTAREA FormElementTypeTextArea HIDDEN FormElementTypeHidden PHONE FormElementTypePhone EMAIL FormElementTypeEmail SELECT FormElementTypeSelect DATE FormElementTypeDate SECTION FormElementTypeSection COLUMN_SET FormElementTypeColumns IMAGE FormElementTypeImage DESCRIPTION FormElementTypeDescription enum: - TEXT - TOGGLE - TEXTAREA - HIDDEN - PHONE - EMAIL - SELECT - DATE - SECTION - COLUMN_SET - IMAGE - DESCRIPTION example: TEXT type: string x-go-name: ElementType config: additionalProperties: true description: Config object. example: label: Department type: object x-go-name: Config x-go-enum-desc: |- TEXT FormElementTypeText TOGGLE FormElementTypeToggle TEXTAREA FormElementTypeTextArea HIDDEN FormElementTypeHidden PHONE FormElementTypePhone EMAIL FormElementTypeEmail SELECT FormElementTypeSelect DATE FormElementTypeDate SECTION FormElementTypeSection COLUMNS FormElementTypeColumns key: description: Technical key. example: department type: string x-go-name: Key validations: nullable: true type: array items: $ref: '#/components/schemas/FormElementValidationsSet' type: object x-go-package: github.com/sailpoint/sp-forms/domain ConditionRule: properties: sourceType: description: |- Defines the type of object being selected. It will be either a reference to a form input (by input name) or a form element (by technical key). INPUT ConditionRuleSourceTypeInput ELEMENT ConditionRuleSourceTypeElement enum: - INPUT - ELEMENT example: ELEMENT type: string x-go-enum-desc: |- INPUT ConditionRuleSourceTypeInput ELEMENT ConditionRuleSourceTypeElement x-go-name: SourceType source: description: |- Source - if the sourceType is ConditionRuleSourceTypeInput, the source type is the name of the form input to accept. However, if the sourceType is ConditionRuleSourceTypeElement, the source is the name of a technical key of an element to retrieve its value. example: department type: string x-go-name: Source operator: description: |- ConditionRuleComparisonOperatorType value. EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality. NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality. CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value. NOT_CO ConditionRuleComparisonOperatorTypeNotContains IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values. NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes EM ConditionRuleComparisonOperatorTypeEmpty NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive. NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive. NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith enum: - EQ - NE - CO - NOT_CO - IN - NOT_IN - EM - NOT_EM - SW - NOT_SW - EW - NOT_EW example: EQ type: string x-go-enum-desc: |- EQ ConditionRuleComparisonOperatorTypeEquals This comparison operator compares the source and target for equality. NE ConditionRuleComparisonOperatorTypeNotEquals This comparison operator compares the source and target for inequality. CO ConditionRuleComparisonOperatorTypeContains This comparison operator searches the source to see whether it contains the value. NOT_CO ConditionRuleComparisonOperatorTypeNotContains IN ConditionRuleComparisonOperatorTypeIncludes This comparison operator searches the source if it equals any of the values. NOT_IN ConditionRuleComparisonOperatorTypeNotIncludes EM ConditionRuleComparisonOperatorTypeEmpty NOT_EM ConditionRuleComparisonOperatorTypeNotEmpty SW ConditionRuleComparisonOperatorTypeStartsWith Checks whether a string starts with another substring of the same string. This operator is case-sensitive. NOT_SW ConditionRuleComparisonOperatorTypeNotStartsWith EW ConditionRuleComparisonOperatorTypeEndsWith Checks whether a string ends with another substring of the same string. This operator is case-sensitive. NOT_EW ConditionRuleComparisonOperatorTypeNotEndsWith x-go-name: Operator valueType: description: |- ConditionRuleValueType type. STRING ConditionRuleValueTypeString This value is a static string. STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values. INPUT ConditionRuleValueTypeInput This value is a reference to a form input. ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key). LIST ConditionRuleValueTypeList BOOLEAN ConditionRuleValueTypeBoolean enum: - STRING - STRING_LIST - INPUT - ELEMENT - LIST - BOOLEAN example: STRING type: string x-go-enum-desc: |- STRING ConditionRuleValueTypeString This value is a static string. STRING_LIST ConditionRuleValueTypeStringList This value is an array of string values. INPUT ConditionRuleValueTypeInput This value is a reference to a form input. ELEMENT ConditionRuleValueTypeElement This value is a reference to a form element (by technical key). LIST ConditionRuleValueTypeList BOOLEAN ConditionRuleValueTypeBoolean x-go-name: ValueType value: type: string description: Based on the ValueType. example: Engineering x-go-name: Value type: object x-go-package: github.com/sailpoint/sp-forms/domain ConditionEffect: description: Effect produced by a condition. properties: effectType: description: |- Type of effect to perform when the conditions are evaluated for this logic block. HIDE ConditionEffectTypeHide Disables validations. SHOW ConditionEffectTypeShow Enables validations. DISABLE ConditionEffectTypeDisable Disables validations. ENABLE ConditionEffectTypeEnable Enables validations. REQUIRE ConditionEffectTypeRequire OPTIONAL ConditionEffectTypeOptional SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose. enum: - HIDE - SHOW - DISABLE - ENABLE - REQUIRE - OPTIONAL - SUBMIT_MESSAGE - SUBMIT_NOTIFICATION - SET_DEFAULT_VALUE example: HIDE type: string x-go-enum-desc: |- HIDE ConditionEffectTypeHide Disables validations. SHOW ConditionEffectTypeShow Enables validations. DISABLE ConditionEffectTypeDisable Disables validations. ENABLE ConditionEffectTypeEnable Enables validations. REQUIRE ConditionEffectTypeRequire OPTIONAL ConditionEffectTypeOptional SUBMIT_MESSAGE ConditionEffectTypeSubmitMessage SUBMIT_NOTIFICATION ConditionEffectTypeSubmitNotification SET_DEFAULT_VALUE ConditionEffectTypeSetDefaultValue This value is ignored on purpose. x-go-name: EffectType config: description: Arbitrary map containing a configuration based on the EffectType. type: object properties: defaultValueLabel: type: string description: Effect type's label. example: Access to Remove element: type: string description: Element's identifier. example: 8110662963316867 x-go-name: Config type: object x-go-package: github.com/sailpoint/sp-forms/domain FormCondition: description: Represent a form conditional. properties: ruleOperator: description: |- ConditionRuleLogicalOperatorType value. AND ConditionRuleLogicalOperatorTypeAnd OR ConditionRuleLogicalOperatorTypeOr enum: - AND - OR example: AND type: string x-go-enum-desc: |- AND ConditionRuleLogicalOperatorTypeAnd OR ConditionRuleLogicalOperatorTypeOr x-go-name: RuleOperator rules: description: List of rules. items: $ref: '#/components/schemas/ConditionRule' type: array x-go-name: Rules effects: description: List of effects. items: $ref: '#/components/schemas/ConditionEffect' type: array x-go-name: Effects type: object x-go-package: github.com/sailpoint/sp-forms/domain FormDefinitionResponse: properties: id: description: Unique guid identifying the form definition. example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: FormDefinitionID name: description: Name of the form definition. example: My form type: string x-go-name: Name description: description: Form definition's description. example: My form description type: string x-go-name: Description owner: $ref: '#/components/schemas/FormOwner' usedBy: description: List of objects using the form definition. Whenever a system uses a form, the API reaches out to the form service to record that the system is currently using it. items: $ref: '#/components/schemas/FormUsedBy' type: array x-go-name: UsedBy formInput: description: List of form inputs required to create a form-instance object. items: $ref: '#/components/schemas/FormDefinitionInput' type: array x-go-name: FormInput formElements: description: List of nested form elements. items: $ref: '#/components/schemas/FormElement' type: array x-go-name: FormElements formConditions: description: Conditional logic that can dynamically modify the form as the recipient is interacting with it. items: $ref: '#/components/schemas/FormCondition' type: array x-go-name: FormConditions created: description: Created is the date the form definition was created example: '2023-07-12T20:14:57.74486Z' format: date-time type: string x-go-name: Created modified: description: Modified is the last date the form definition was modified example: '2023-07-12T20:14:57.74486Z' format: date-time type: string x-go-name: Modified type: object x-go-package: github.com/sailpoint/sp-forms/domain ListFormDefinitionsByTenantResponse: properties: count: description: Count number of results. example: 1 format: int64 type: integer results: description: List of FormDefinitionResponse items. items: $ref: '#/components/schemas/FormDefinitionResponse' type: array type: object ErrorMessage: title: ErrorMessage is the standard API error response message type. type: object properties: locale: description: Locale is the current Locale example: en-US type: string x-go-name: Locale localeOrigin: description: LocaleOrigin holds possible values of how the locale was selected example: DEFAULT type: string x-go-name: LocaleOrigin text: description: Text is the actual text of the error message example: This is an error type: string x-go-name: Text x-go-package: github.com/sailpoint/atlas-go/atlas/web Error: title: Error is the standard API error response type. type: object properties: detailCode: description: DetailCode is the text of the status code returned example: Internal Server Error type: string x-go-name: DetailCode messages: type: array items: $ref: '#/components/schemas/ErrorMessage' x-go-name: Messages trackingId: description: TrackingID is the request tracking unique identifier example: 9cd03ef80e6a425eb6b11bdbb057cdb4 type: string x-go-name: TrackingID x-go-package: github.com/sailpoint/atlas-go/atlas/web CreateFormDefinitionRequest: properties: description: description: Description is the form definition description example: My form description maxLength: 2000 minLength: 0 type: string x-go-name: Description formConditions: description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form items: $ref: '#/components/schemas/FormCondition' type: array x-go-name: FormConditions formElements: description: FormElements is a list of nested form elements items: $ref: '#/components/schemas/FormElement' type: array x-go-name: FormElements formInput: description: FormInput is a list of form inputs that are required when creating a form-instance object items: $ref: '#/components/schemas/FormDefinitionInput' type: array x-go-name: FormInput name: description: Name is the form definition name example: My form maxLength: 255 type: string x-go-name: Name owner: $ref: '#/components/schemas/FormOwner' usedBy: description: UsedBy is a list of objects where when any system uses a particular form it reaches out to the form service to record it is currently being used items: $ref: '#/components/schemas/FormUsedBy' type: array x-go-name: UsedBy required: - name - owner type: object x-go-package: github.com/sailpoint/sp-forms/domain Nil: title: Nil represents the predeclared value nil. type: object x-go-package: go/types Operation-2: title: Operation is a single JSON-Patch step, such as a single 'add' operation. type: object additionalProperties: type: object properties: {} x-go-package: github.com/evanphx/json-patch Patch: title: Patch is an ordered collection of Operations. description: Patch is an ordered collection of Operations. type: array example: - op: replace path: /description value: a new description items: $ref: '#/components/schemas/Operation-2' x-go-package: github.com/evanphx/json-patch FormElementDynamicDataSourceConfig: properties: aggregationBucketField: description: AggregationBucketField is the aggregation bucket field name example: attributes.cloudStatus.exact type: string x-go-name: AggregationBucketField indices: description: Indices is a list of indices to use example: - identities items: enum: - accessprofiles - accountactivities - entitlements - identities - events - roles - '*' type: string x-go-enum-desc: |- accessprofiles SearchIndexAccessProfiles accountactivities SearchIndexAccountActivities entitlements SearchIndexEntitlements identities SearchIndexIdentities events SearchIndexEvents roles SearchIndexRoles * SearchIndexWildcard type: array x-go-name: Indices objectType: description: |- ObjectType is a PreDefinedSelectOption value IDENTITY PreDefinedSelectOptionIdentity ACCESS_PROFILE PreDefinedSelectOptionAccessProfile SOURCES PreDefinedSelectOptionSources ROLE PreDefinedSelectOptionRole ENTITLEMENT PreDefinedSelectOptionEntitlement enum: - IDENTITY - ACCESS_PROFILE - SOURCES - ROLE - ENTITLEMENT example: IDENTITY type: string x-go-enum-desc: |- IDENTITY PreDefinedSelectOptionIdentity ACCESS_PROFILE PreDefinedSelectOptionAccessProfile SOURCES PreDefinedSelectOptionSources ROLE PreDefinedSelectOptionRole ENTITLEMENT PreDefinedSelectOptionEntitlement x-go-name: ObjectType query: description: Query is a text example: '*' type: string x-go-name: Query type: object x-go-package: github.com/sailpoint/sp-forms/domain FormElementDynamicDataSource: properties: config: $ref: '#/components/schemas/FormElementDynamicDataSourceConfig' dataSourceType: description: |- DataSourceType is a FormElementDataSourceType value STATIC FormElementDataSourceTypeStatic INTERNAL FormElementDataSourceTypeInternal SEARCH FormElementDataSourceTypeSearch FORM_INPUT FormElementDataSourceTypeFormInput enum: - STATIC - INTERNAL - SEARCH - FORM_INPUT example: STATIC type: string x-go-enum-desc: |- STATIC FormElementDataSourceTypeStatic INTERNAL FormElementDataSourceTypeInternal SEARCH FormElementDataSourceTypeSearch FORM_INPUT FormElementDataSourceTypeFormInput x-go-name: DataSourceType type: object x-go-package: github.com/sailpoint/sp-forms/domain FormElementPreviewRequest: properties: dataSource: $ref: '#/components/schemas/FormElementDynamicDataSource' type: object x-go-package: github.com/sailpoint/sp-forms/domain FormElementDataSourceConfigOptions: type: object properties: label: description: Label is the main label to display to the user when selecting this option type: string example: regression-test-access-request-07c55dd6-3056-430a-86b5-fccc395bb6c5 x-go-name: Label subLabel: description: SubLabel is the sub label to display below the label in diminutive styling to help describe or identify this option type: string example: '' x-go-name: SubLabel value: description: Value is the value to save as an entry when the user selects this option type: string example: e96674448eba4ca1ba04eee999a8f3cd x-go-name: Value x-go-package: github.com/sailpoint/sp-forms/domain PreviewDataSourceResponse: description: PreviewDataSourceResponse is the response sent by `/form-definitions/{formDefinitionID}/data-source` endpoint properties: results: description: Results holds a list of FormElementDataSourceConfigOptions items example: '{"results":[{"label":"Alfred 255e71dfc6e","subLabel":"Alfred.255e71dfc6e@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16676"},{"label":"Alize eba9d4cd27da","subLabel":"Alize.eba9d4cd27da@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f1667c"},{"label":"Antonina 01f69c3ea","subLabel":"Antonina.01f69c3ea@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f9667e"},{"label":"Ardella 21e78ce155","subLabel":"Ardella.21e78ce155@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e6667a"},{"label":"Arnaldo d8582b6e17","subLabel":"Arnaldo.d8582b6e17@testmail.identitysoon.com","value":"2c918084821847c5018227ced3426686"},{"label":"Aurelia admin24828","subLabel":"Aurelia.admin24828@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16674"},{"label":"Barbara 72ca418fdd","subLabel":"Barbara.72ca418fdd@testmail.identitysoon.com","value":"2c918084821847c5018227ced2fb6680"},{"label":"Barbara ee1a2436ee","subLabel":"Barbara.ee1a2436ee@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e56678"},{"label":"Baylee 652d72432f3","subLabel":"Baylee.652d72432f3@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aee"},{"label":"Brock e76b56ae4d49","subLabel":"Brock.e76b56ae4d49@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aef"}]}' items: $ref: '#/components/schemas/FormElementDataSourceConfigOptions' type: array x-go-name: Results type: object x-go-package: github.com/sailpoint/sp-forms/domain FormDefinitionSelfImportExportDto: type: object description: Self block for imported/exported object. properties: type: type: string description: Imported/exported object's DTO type. enum: - FORM_DEFINITION example: FORM_DEFINITION id: type: string description: Imported/exported object's ID. example: 2c9180835d191a86015d28455b4b232a name: type: string description: Imported/exported object's display name. example: Temporary User Level Permissions - Requester FormDefinitionDynamicSchemaRequest: properties: attributes: properties: formDefinitionId: description: FormDefinitionID is a unique guid identifying this form definition example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: FormDefinitionID type: object x-go-name: Attributes description: description: Description is the form definition dynamic schema description text example: A description type: string x-go-name: Description id: description: ID is a unique identifier example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: ID type: description: Type is the form definition dynamic schema type example: action type: string x-go-name: Type versionNumber: description: VersionNumber is the form definition dynamic schema version number example: 1 format: int64 type: integer x-go-name: VersionNumber type: object x-go-package: github.com/sailpoint/sp-forms/domain FormDefinitionDynamicSchemaResponse: properties: outputSchema: additionalProperties: {} description: OutputSchema holds a JSON schema generated dynamically example: outputSchema: $schema: https://json-schema.org/draft/2020-12/schema additionalProperties: false properties: firstName: title: First Name type: string fullName: title: Full Name type: string lastName: title: Last Name type: string startDate: format: date-time title: Start Date type: string type: object type: object x-go-name: OutputSchema type: object x-go-package: github.com/sailpoint/sp-forms/domain FormDefinitionFileUploadResponse: type: object properties: created: type: string description: Created is the date the file was uploaded example: '2023-07-12T20:14:57.74486Z' x-go-name: Created fileId: type: string description: fileId is a unique ULID that serves as an identifier for the form definition file example: 01FHZXHK8PTP9FVK99Z66GXQTX.png x-go-name: FileID formDefinitionId: type: string description: FormDefinitionID is a unique guid identifying this form definition example: 00000000-0000-0000-0000-000000000000 x-go-name: FormDefinitionID x-go-package: github.com/sailpoint/sp-forms/internal/rest/response FormInstanceCreatedBy: properties: id: description: ID is a unique identifier example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: ID type: description: |- Type is a form instance created by type enum value WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution SOURCE FormInstanceCreatedByTypeSource enum: - WORKFLOW_EXECUTION - SOURCE example: WORKFLOW_EXECUTION type: string x-go-enum-desc: |- WORKFLOW_EXECUTION FormInstanceCreatedByTypeWorkflowExecution SOURCE FormInstanceCreatedByTypeSource x-go-name: Type type: object x-go-package: github.com/sailpoint/sp-forms/domain FormError: properties: key: description: Key is the technical key example: department type: string x-go-name: Key messages: description: Messages is a list of web.ErrorMessage items items: $ref: '#/components/schemas/ErrorMessage' type: array x-go-name: Messages value: description: Value is the value associated with a Key example: Engineering x-go-name: Value type: object x-go-package: github.com/sailpoint/sp-forms/domain FormInstanceRecipient: properties: id: description: ID is a unique identifier example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: ID type: description: |- Type is a FormInstanceRecipientType value IDENTITY FormInstanceRecipientIdentity enum: - IDENTITY example: IDENTITY type: string x-go-enum-desc: IDENTITY FormInstanceRecipientIdentity x-go-name: Type type: object x-go-package: github.com/sailpoint/sp-forms/domain ListFormInstancesByTenantResponse: type: object description: List of FormInstanceResponse items properties: id: description: Unique guid identifying this form instance example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2 type: string x-go-name: FormInstanceID expire: description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record example: '2023-08-12T20:14:57.74486Z' type: string x-go-name: Expire state: description: |- State the state of the form instance ASSIGNED FormInstanceStateAssigned IN_PROGRESS FormInstanceStateInProgress SUBMITTED FormInstanceStateSubmitted COMPLETED FormInstanceStateCompleted CANCELLED FormInstanceStateCancelled enum: - ASSIGNED - IN_PROGRESS - SUBMITTED - COMPLETED - CANCELLED example: ASSIGNED type: string x-go-enum-desc: |- ASSIGNED FormInstanceStateAssigned IN_PROGRESS FormInstanceStateInProgress SUBMITTED FormInstanceStateSubmitted COMPLETED FormInstanceStateCompleted CANCELLED FormInstanceStateCancelled x-go-name: State standAloneForm: default: false description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form example: false type: boolean x-go-name: StandAloneForm standAloneFormUrl: description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI example: https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000 type: string x-go-name: StandAloneFormURL createdBy: $ref: '#/components/schemas/FormInstanceCreatedBy' formDefinitionId: description: FormDefinitionID is the id of the form definition that created this form example: 49841cb8-00a5-4fbd-9888-8bbb28d48331 type: string x-go-name: FormDefinitionID formInput: additionalProperties: {} nullable: true description: FormInput is an object of form input labels to value example: input1: Sales type: object x-go-name: FormInput formElements: description: FormElements is the configuration of the form, this would be a repeat of the fields from the form-config items: $ref: '#/components/schemas/FormElement' type: array x-go-name: FormElements formData: nullable: true additionalProperties: true description: FormData is the data provided by the form on submit. The data is in a key -> value map example: department: Engineering type: object x-go-name: FormData formErrors: description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors items: $ref: '#/components/schemas/FormError' type: array x-go-name: FormErrors formConditions: description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form items: $ref: '#/components/schemas/FormCondition' type: array x-go-name: FormConditions created: description: Created is the date the form instance was assigned example: '2023-07-12T20:14:57.74486Z' format: date-time type: string x-go-name: Created modified: description: Modified is the last date the form instance was modified example: '2023-07-12T20:14:57.74486Z' format: date-time type: string x-go-name: Modified recipients: description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it items: $ref: '#/components/schemas/FormInstanceRecipient' type: array x-go-name: Recipients x-go-package: github.com/sailpoint/sp-forms/domain CreateFormInstanceRequest: properties: createdBy: $ref: '#/components/schemas/FormInstanceCreatedBy' expire: description: Expire is required example: '2023-08-12T20:14:57.74486Z' type: string x-go-name: Expire formDefinitionId: description: FormDefinitionID is the id of the form definition that created this form example: 00000000-0000-0000-0000-000000000000 type: string x-go-name: FormDefinitionID formInput: additionalProperties: true description: FormInput is an object of form input labels to value example: input1: Sales type: object x-go-name: FormInput recipients: description: Recipients is required items: $ref: '#/components/schemas/FormInstanceRecipient' type: array x-go-name: Recipients standAloneForm: default: false description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form example: false type: boolean x-go-name: StandAloneForm state: description: |- State is required, if not present initial state is FormInstanceStateAssigned ASSIGNED FormInstanceStateAssigned IN_PROGRESS FormInstanceStateInProgress SUBMITTED FormInstanceStateSubmitted COMPLETED FormInstanceStateCompleted CANCELLED FormInstanceStateCancelled enum: - ASSIGNED - IN_PROGRESS - SUBMITTED - COMPLETED - CANCELLED example: ASSIGNED type: string x-go-enum-desc: |- ASSIGNED FormInstanceStateAssigned IN_PROGRESS FormInstanceStateInProgress SUBMITTED FormInstanceStateSubmitted COMPLETED FormInstanceStateCompleted CANCELLED FormInstanceStateCancelled x-go-name: State ttl: description: |- TTL an epoch timestamp in seconds, it most be in seconds or dynamodb will ignore it SEE: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/time-to-live-ttl-before-you-start.html example: 1571827560 format: int64 type: integer x-go-name: TTL required: - expire - recipients - createdBy - formDefinitionId type: object x-go-package: github.com/sailpoint/sp-forms/domain FormInstanceResponse: properties: id: description: Unique guid identifying this form instance example: 06a2d961-07fa-44d1-8d0a-2f6470e30fd2 type: string x-go-name: FormInstanceID expire: description: Expire is the maximum amount of time that a form can be in progress. After this time is reached then the form will be moved to a CANCELED state automatically. The user will no longer be able to complete the submission. When a form instance is expires an audit log will be generated for that record example: '2023-08-12T20:14:57.74486Z' type: string x-go-name: Expire state: description: |- State the state of the form instance ASSIGNED FormInstanceStateAssigned IN_PROGRESS FormInstanceStateInProgress SUBMITTED FormInstanceStateSubmitted COMPLETED FormInstanceStateCompleted CANCELLED FormInstanceStateCancelled enum: - ASSIGNED - IN_PROGRESS - SUBMITTED - COMPLETED - CANCELLED example: ASSIGNED type: string x-go-enum-desc: |- ASSIGNED FormInstanceStateAssigned IN_PROGRESS FormInstanceStateInProgress SUBMITTED FormInstanceStateSubmitted COMPLETED FormInstanceStateCompleted CANCELLED FormInstanceStateCancelled x-go-name: State standAloneForm: default: false description: StandAloneForm is a boolean flag to indicate if this form should be available for users to complete via the standalone form UI or should this only be available to be completed by as an embedded form example: false type: boolean x-go-name: StandAloneForm standAloneFormUrl: description: StandAloneFormURL is the URL where this form may be completed by the designated recipients using the standalone form UI example: https://my-org.identitynow.com/ui/d/forms/00000000-0000-0000-0000-000000000000 type: string x-go-name: StandAloneFormURL createdBy: $ref: '#/components/schemas/FormInstanceCreatedBy' formDefinitionId: description: FormDefinitionID is the id of the form definition that created this form example: 49841cb8-00a5-4fbd-9888-8bbb28d48331 type: string x-go-name: FormDefinitionID formInput: additionalProperties: {} nullable: true description: FormInput is an object of form input labels to value example: input1: Sales type: object x-go-name: FormInput formElements: description: FormElements is the configuration of the form, this would be a repeat of the fields from the form-config items: $ref: '#/components/schemas/FormElement' type: array x-go-name: FormElements formData: nullable: true additionalProperties: true description: FormData is the data provided by the form on submit. The data is in a key -> value map example: department: Engineering type: object x-go-name: FormData formErrors: description: FormErrors is an array of form validation errors from the last time the form instance was transitioned to the SUBMITTED state. If the form instance had validation errors then it would be moved to the IN PROGRESS state where the client can retrieve these errors items: $ref: '#/components/schemas/FormError' type: array x-go-name: FormErrors formConditions: description: FormConditions is the conditional logic that modify the form dynamically modify the form as the recipient is interacting out the form items: $ref: '#/components/schemas/FormCondition' type: array x-go-name: FormConditions created: description: Created is the date the form instance was assigned example: '2023-07-12T20:14:57.74486Z' format: date-time type: string x-go-name: Created modified: description: Modified is the last date the form instance was modified example: '2023-07-12T20:14:57.74486Z' format: date-time type: string x-go-name: Modified recipients: description: Recipients references to the recipient of a form. The recipients are those who are responsible for filling out a form and completing it items: $ref: '#/components/schemas/FormInstanceRecipient' type: array x-go-name: Recipients type: object x-go-package: github.com/sailpoint/sp-forms/domain ListFormElementDataByElementIDResponse: properties: results: description: Results holds a list of FormElementDataSourceConfigOptions items example: '{"results":[{"label":"Alfred 255e71dfc6e","subLabel":"Alfred.255e71dfc6e@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16676"},{"label":"Alize eba9d4cd27da","subLabel":"Alize.eba9d4cd27da@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f1667c"},{"label":"Antonina 01f69c3ea","subLabel":"Antonina.01f69c3ea@testmail.identitysoon.com","value":"2c918084821847c5018227ced2f9667e"},{"label":"Ardella 21e78ce155","subLabel":"Ardella.21e78ce155@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e6667a"},{"label":"Arnaldo d8582b6e17","subLabel":"Arnaldo.d8582b6e17@testmail.identitysoon.com","value":"2c918084821847c5018227ced3426686"},{"label":"Aurelia admin24828","subLabel":"Aurelia.admin24828@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e16674"},{"label":"Barbara 72ca418fdd","subLabel":"Barbara.72ca418fdd@testmail.identitysoon.com","value":"2c918084821847c5018227ced2fb6680"},{"label":"Barbara ee1a2436ee","subLabel":"Barbara.ee1a2436ee@testmail.identitysoon.com","value":"2c918084821847c5018227ced2e56678"},{"label":"Baylee 652d72432f3","subLabel":"Baylee.652d72432f3@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aee"},{"label":"Brock e76b56ae4d49","subLabel":"Brock.e76b56ae4d49@testmail.identitysoon.com","value":"2c91808582184782018227ced28b6aef"}]}' items: $ref: '#/components/schemas/FormElementDataSourceConfigOptions' type: array x-go-name: Results type: object x-go-package: github.com/sailpoint/sp-forms/domain PreDefinedSelectOption: type: string description: PreDefinedSelectOption pre-defined select options example: IDENTITY x-go-package: github.com/sailpoint/sp-forms/domain ListPredefinedSelectOptionsResponse: type: object properties: results: description: Results holds a list of PreDefinedSelectOption items type: array items: $ref: '#/components/schemas/PreDefinedSelectOption' x-go-name: Results x-go-package: github.com/sailpoint/sp-forms/domain AccessRequestIdentityMetrics: type: object title: Access Request Identity Metrics properties: identitiesWithAccess: type: integer format: int64 nullable: true description: A count of the provided manager's direct reports that have already been granted the access item in question. example: 8 identitiesWithActivity: type: integer format: int64 nullable: true description: A count of the provided manager's direct reports that have activity within the associated source. example: 5 totalIdentities: type: integer format: int64 nullable: true description: Total number of identities who share a manager with the identity requesting access. example: 10 squadAvailable: type: boolean default: false description: True if the manager's ID can be found. False if the manager's ID cannot be found. example: true validActivityObject: type: boolean default: false description: True if the requested access item is associated with a single Activity Data Insights connector source. False if the requested access item type is a role. If it's a role, it matches to multiple sources, so a single relevant source can't be determined for activity metrics. example: true activitySourceConfigured: type: boolean default: false description: True if the Activity Data Insights connector is configured for the source associated with the requested access item. False if the matching Activity Data Insights connector is not configured. example: true requestedObjectActive: type: boolean default: false description: True if the requested access item exists and is available. False if the requested access item is either missing or deleted. example: true SedBatchStats: description: Sed Batch Stats type: object title: Sed Batch Stats properties: batchComplete: description: batch complete type: boolean example: true default: false batchId: description: batch Id format: uuid type: string example: 016629d1-1d25-463f-97f3-c6686846650 discoveredCount: description: discovered count format: int64 type: integer example: 100 discoveryComplete: description: discovery complete type: boolean example: true default: false processedCount: description: processed count format: int64 example: 100 type: integer SedBatchRecord: description: Sed Batch Record type: object title: Sed Batch Record properties: tenantId: type: string format: uuid description: The tenant ID associated with the batch. example: 123e4567-e89b-12d3-a456-426614174000 batchId: type: string format: uuid description: The unique ID of the batch. example: 016629d1-1d25-463f-97f3-c6686846650 name: type: string nullable: true description: The name of the batch. example: Example Batch Name processedState: type: string nullable: true description: The current state of the batch (e.g., submitted, materialized, completed). example: submitted | materialized | completed | failed requestedBy: type: string format: uuid description: The ID of the user who requested the batch. example: 987e6543-e21b-45d3-b123-123456789abc materializedCount: type: integer format: int32 description: The number of items materialized in the batch. example: 50 processedCount: type: integer format: int32 description: The number of items processed in the batch. example: 45 createdAt: type: string format: date-time description: The timestamp when the batch was created. example: '2023-10-01T12:00:00Z' updatedAt: type: string format: date-time nullable: true description: The timestamp when the batch was last updated. example: '2023-10-02T15:30:00Z' SearchCriteria: description: Represents the search criteria for querying entitlements. type: object title: Search Criteria properties: indices: type: array items: type: string description: A list of indices to search within. Must contain exactly one item, typically "entitlements". example: - entitlements filters: type: object additionalProperties: type: object properties: type: type: string description: The type of filter, e.g., "TERMS" or "RANGE". example: TERMS terms: type: array items: type: string description: Terms to filter by (for "TERMS" type). example: - active - inactive range: type: object properties: lower: type: object properties: value: type: string description: The lower bound value. example: '10' inclusive: type: boolean default: false description: Whether the lower bound is inclusive. example: true upper: type: object properties: value: type: string description: The upper bound value. example: '20' inclusive: type: boolean default: false description: Whether the upper bound is inclusive. example: false description: A map of filters applied to the search. Keys are filter names, and values are filter definitions. example: status: type: TERMS terms: - active - inactive query: type: object properties: query: type: string description: A structured query for advanced search. example: status:active queryType: type: string description: Specifies the type of query. Must be "TEXT" if `textQuery` is used. example: TEXT textQuery: type: object properties: terms: type: array items: type: string description: Terms to search for. example: - admin - user fields: type: array items: type: string description: Fields to search within. example: - role - name matchAny: type: boolean default: false description: Whether to match any of the terms. example: true includeNested: type: boolean default: false description: Whether to include nested objects in the search results. example: true sort: type: array items: type: string description: Specifies the sorting order for the results. example: - name:asc - createdAt:desc searchAfter: type: array items: type: string description: Used for pagination to fetch results after a specific point. example: - '12345' - '67890' required: - indices SedBatchRequest: description: Sed Batch Request type: object title: Sed Batch Request minProperties: 1 properties: entitlements: description: list of entitlement ids type: array nullable: true minItems: 1 items: type: string example: 016629d1-1d25-463f-97f3-c6686846650 seds: description: list of sed ids type: array nullable: true minItems: 1 items: type: string example: 016629d1-1d25-463f-97f3-c6686846650 searchCriteria: additionalProperties: $ref: '#/components/schemas/SearchCriteria' nullable: true description: Search criteria for the batch request. SedBatchResponse: description: Sed Batch Response type: object title: Sed Batch Response properties: batchId: description: BatchId that groups all the ids together format: uuid type: string example: 016629d1-1d25-463f-97f3-c6686846650 SedApproval: description: Sed Approval Request Body type: object title: Sed Approval properties: items: description: List of SED id's items: format: uuid type: string type: array example: 016629d1-1d25-463f-97f3-c6686846650 SedApprovalStatus: description: SED Approval Status type: object title: Sed Approval Status properties: failedReason: description: failed reason will be display if status is failed type: string example: invalid status id: description: Sed id format: uuid type: string example: 016629d1-1d25-463f-97f3-c6686846650 status: description: SUCCESS | FAILED example: SUCCESS type: string SedAssignee: description: Sed Assignee type: object title: Sed Assignee properties: type: description: |- Type of assignment When value is PERSONA, the value MUST be SOURCE_OWNER or ENTITLEMENT_OWNER IDENTITY SED_ASSIGNEE_IDENTITY_TYPE GROUP SED_ASSIGNEE_GROUP_TYPE SOURCE_OWNER SED_ASSIGNEE_SOURCE_OWNER_TYPE ENTITLEMENT_OWNER SED_ASSIGNEE_ENTITLEMENT_OWNER_TYPE enum: - IDENTITY - GROUP - SOURCE_OWNER - ENTITLEMENT_OWNER type: string example: SOURCE_OWNER value: description: |- Identity or Group identifier Empty when using source/entitlement owner personas type: string example: 016629d1-1d25-463f-97f3-c6686846650 required: - type SedAssignment: description: Sed Assignment type: object title: Sed Assignment properties: assignee: $ref: '#/components/schemas/SedAssignee' items: description: List of SED id's items: format: uuid type: string example: 016629d1-1d25-463f-97f3-c6686846650 type: array SedAssignmentResponse: description: Sed Assignment Response type: object title: Sed Assignment Response properties: batchId: description: BatchId that groups all the ids together format: uuid type: string example: 016629d1-1d25-463f-97f3-c6686846650 Sed: description: Suggested Entitlement Description type: object title: Sed properties: Name: type: string description: name of the entitlement example: BatchInvoiceProcessing approved_by: type: string description: entitlement approved by example: 2c918086-76de-afbf-0176-f6d28f65565a approved_type: type: string description: entitlement approved type example: admin approved_when: format: date-time type: string example: '2024-03-22 16:32:16.308857' description: entitlement approved then attribute: type: string description: entitlement attribute example: Role description: type: string description: description of entitlement example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable procedures. displayName: type: string description: entitlement display name example: AWS-Cloud-Billing id: format: uuid type: string description: sed id example: ead281ee-12a9-40ac-9534-36b5d7d65d53 sourceId: type: string description: entitlement source id example: 103f567b93ee49b991c40f9412f87643 sourceName: type: string description: entitlement source name example: IDN Salesforce status: type: string description: entitlement status example: suggested suggestedDescription: type: string description: llm suggested entitlement description example: This entitlement allows automated processing of invoices in batches on a scheduled basis to streamline accounts payable type: type: string description: entitlement type example: group value: type: string description: entitlement value example: group SedPatch: description: Patch for Suggested Entitlement Description type: object title: Sed Patch properties: op: description: desired operation type: string example: replace path: description: field to be patched type: string example: status value: description: value to replace with example: approved SlimDiscoveredApplications: type: object description: Discovered applications title: Slim Discovered Application properties: id: type: string format: uuid description: Unique identifier for the discovered application. example: 2d9180835d2e5168015d32f890ca1581 name: type: string description: Name of the discovered application. example: ExampleApp discoverySource: type: string description: Source from which the application was discovered. example: csv discoveredVendor: type: string description: The vendor associated with the discovered application. example: ExampleVendor description: type: string description: A brief description of the discovered application. example: An application for managing examples. recommendedConnectors: type: array items: type: string description: List of recommended connectors for the application. example: - ConnectorA - ConnectorB discoveredAt: type: string format: date-time description: The timestamp when the application was last received via an entitlement aggregation invocation or a manual csv upload, in ISO 8601 format. example: '2023-01-01T12:00:00Z' createdAt: type: string format: date-time description: The timestamp when the application was first discovered, in ISO 8601 format. example: '2023-01-01T12:00:00Z' status: type: string description: |- The status of an application within the discovery source. By default this field is set to "ACTIVE" when the application is discovered. If an application has been deleted from within the discovery source, the status will be set to "INACTIVE". example: ACTIVE FullDiscoveredApplications: type: object description: Discovered applications with their respective associated sources title: Discovered Application properties: id: type: string format: uuid description: Unique identifier for the discovered application. example: 2d9180835d2e5168015d32f890ca1581 name: type: string description: Name of the discovered application. example: ExampleApp discoverySource: type: string description: Source from which the application was discovered. example: csv discoveredVendor: type: string description: The vendor associated with the discovered application. example: ExampleVendor description: type: string description: A brief description of the discovered application. example: An application for managing examples. recommendedConnectors: type: array items: type: string description: List of recommended connectors for the application. example: - ConnectorA - ConnectorB discoveredAt: type: string format: date-time description: The timestamp when the application was last received via an entitlement aggregation invocation or a manual csv upload, in ISO 8601 format. example: '2023-01-01T12:00:00Z' createdAt: type: string format: date-time description: The timestamp when the application was first discovered, in ISO 8601 format. example: '2023-01-01T12:00:00Z' status: type: string description: |- The status of an application within the discovery source. By default this field is set to "ACTIVE" when the application is discovered. If an application has been deleted from within the discovery source, the status will be set to "INACTIVE". example: ACTIVE associatedSources: type: array items: type: string format: uuid description: List of associated sources related to this discovered application. example: - e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 - a0303682-5e4a-44f7-bdc2-6ce6112549c1 ManualDiscoverApplicationsTemplate: type: object title: Manual Discover Applications Template properties: application_name: type: string description: Name of the application. example: Example Application description: type: string description: Description of the application. example: Example Description ManualDiscoverApplications: type: object title: Manual Discover Applications properties: file: type: string format: binary description: The CSV file to upload containing `application_name` and `description` columns. Each row represents an application to be discovered. example: |- application_name,description "Sample App","This is a sample description for Sample App." "Another App","Description for Another App." required: - file SourceApp: type: object properties: id: type: string description: The source app id example: 2c91808874ff91550175097daaec161c cloudAppId: type: string description: The deprecated source app id example: '9854520' name: type: string description: The source app name example: my app created: type: string description: Time when the source app was created format: date-time example: '2020-10-08T18:33:52.029Z' modified: type: string description: Time when the source app was last modified format: date-time example: '2020-10-08T18:33:52.029Z' enabled: type: boolean default: false description: True if the source app is enabled example: true provisionRequestEnabled: type: boolean default: false description: True if the app allows access request example: true description: type: string nullable: false description: The description of the source app example: the source app for engineers matchAllAccounts: type: boolean default: false description: True if the source app match all accounts example: true appCenterEnabled: type: boolean default: true description: True if the app is visible in the request center example: true accountSource: type: object nullable: true properties: id: type: string description: The source ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string description: The source type, will always be "SOURCE" example: SOURCE name: type: string description: The source name example: ODS-AD-Source useForPasswordManagement: type: boolean default: false description: If the source is used for password management example: true passwordPolicies: type: array nullable: true description: The password policies for the source items: $ref: '#/components/schemas/BaseReferenceDto' example: - type: PASSWORD_POLICY id: 006a072ecc6647f68bba9f4a4ad34649 name: Password Policy 1 owner: type: object nullable: true allOf: - $ref: '#/components/schemas/BaseReferenceDto' description: The owner of source app example: id: 85d173e7d57e496569df763231d6deb6a type: IDENTITY name: John Doe SourceAppPatchDto: type: object properties: id: type: string description: The source app id example: 2c91808874ff91550175097daaec161c cloudAppId: type: string description: The deprecated source app id example: '9854520' name: type: string description: The source app name example: my app created: type: string description: Time when the source app was created format: date-time example: '2020-10-08T18:33:52.029Z' modified: type: string description: Time when the source app was last modified format: date-time example: '2020-10-08T18:33:52.029Z' enabled: type: boolean default: false description: True if the source app is enabled example: true provisionRequestEnabled: type: boolean default: false description: True if the app allows access request example: true description: type: string nullable: false description: The description of the source app example: the source app for engineers matchAllAccounts: type: boolean default: false description: True if the source app match all accounts example: true appCenterEnabled: type: boolean default: true description: True if the app is visible in the request center example: true accessProfiles: type: array items: type: string nullable: true description: List of IDs of access profiles example: - 2c9180857725c14301772a93bb77242d - c9dc28e148a24d65b3ccb5fb8ca5ddd9 accountSource: type: object nullable: true properties: id: type: string description: The source ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string description: The source type, will always be "SOURCE" example: SOURCE name: type: string description: The source name example: ODS-AD-Source useForPasswordManagement: type: boolean default: false description: If the source is used for password management example: true passwordPolicies: type: array nullable: true description: The password policies for the source items: $ref: '#/components/schemas/BaseReferenceDto' example: - type: PASSWORD_POLICY id: 006a072ecc6647f68bba9f4a4ad34649 name: Password Policy 1 owner: type: object nullable: true allOf: - $ref: '#/components/schemas/BaseReferenceDto' description: The owner of source app example: id: 85d173e7d57e496569df763231d6deb6a type: IDENTITY name: John Doe SourceAppBulkUpdateRequest: type: object properties: appIds: type: array description: List of source app ids to update maxItems: 50 items: type: string example: - 2c91808a7624751a01762f19d665220d - 2c91808a7624751a01762f19d67c220e - 2c91808a7624751a01762f19d692220f jsonPatch: type: array items: $ref: '#/components/schemas/JsonPatchOperation' description: The JSONPatch payload used to update the source app. example: - op: replace path: /enabled value: false - op: replace path: /matchAllAccounts value: false required: - appIds - jsonPatch SourceAppCreateDto: type: object required: - name - description - accountSource properties: name: type: string description: The source app name example: my app description: type: string nullable: false description: The description of the source app example: the source app for engineers matchAllAccounts: type: boolean default: false description: True if the source app match all accounts example: true accountSource: type: object required: - id properties: id: type: string nullable: false description: The source ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string description: The source type, will always be "SOURCE" example: SOURCE name: type: string description: The source name example: ODS-AD-Source matchTerm: type: object properties: name: type: string description: The attribute name example: mail value: type: string description: The attribute value example: 1234 Albany Dr op: type: string description: The operator between name and value example: eq container: type: boolean default: false description: If it is a container or a real match term example: true and: type: boolean description: If it is AND logical operator for the children match terms default: false example: false children: type: array nullable: true items: type: object additionalProperties: true description: The children under this match term example: - name: businessCategory value: Service op: eq container: false and: false children: null selector: type: object properties: applicationId: type: string description: The application id example: 2c91808874ff91550175097daaec161c" accountMatchConfig: type: object properties: matchExpression: type: object properties: matchTerms: type: array items: $ref: '#/components/schemas/matchTerm' example: - name: '' value: '' op: null container: true and: false children: - name: businessCategory value: Service op: eq container: false and: false children: null and: type: boolean description: If it is AND operators for match terms default: true example: true AccessProfileDetails: type: object properties: id: type: string description: The ID of the Access Profile example: 2c91808a7190d06e01719938fcd20792 name: type: string description: Name of the Access Profile example: Employee-database-read-write description: type: string nullable: true description: Information about the Access Profile example: Collection of entitlements to read/write the employee database created: type: string description: Date the Access Profile was created format: date-time example: '2021-03-01T22:32:58.104Z' modified: type: string description: Date the Access Profile was last modified. format: date-time example: '2021-03-02T20:22:28.104Z' disabled: type: boolean default: true description: Whether the Access Profile is enabled. example: true requestable: type: boolean default: false description: Whether the Access Profile is requestable via access request. example: true protected: type: boolean default: false description: Whether the Access Profile is protected. example: false ownerId: type: string description: The owner ID of the Access Profile example: 9870808a7190d06e01719938fcd20792 sourceId: type: integer format: int64 nullable: true description: The source ID of the Access Profile example: 10360661 sourceName: type: string description: The source name of the Access Profile example: AD Source appId: type: integer format: int64 nullable: true description: The source app ID of the Access Profile example: 10360661 appName: type: string nullable: true description: The source app name of the Access Profile example: mail app applicationId: type: string description: The id of the application example: edcb0951812949d085b60cd8bf35bc78 type: type: string description: The type of the access profile example: source entitlements: type: array items: type: string description: List of IDs of entitlements example: - 2c9180857725c14301772a93bb77242d - c9dc28e148a24d65b3ccb5fb8ca5ddd9 entitlementCount: type: integer format: int32 example: 12 description: The number of entitlements in the access profile segments: type: array items: type: string description: List of IDs of segments, if any, to which this Access Profile is assigned. example: - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 - 29cb6c06-1da8-43ea-8be4-b3125f248f2a approvalSchemes: type: string description: | Comma-separated list of approval schemes. Each approval scheme is one of - manager - appOwner - sourceOwner - accessProfileOwner - workgroup:<workgroupId> example: accessProfileOwner revokeRequestApprovalSchemes: type: string description: | Comma-separated list of revoke request approval schemes. Each approval scheme is one of - manager - sourceOwner - accessProfileOwner - workgroup:<workgroupId> example: accessProfileOwner requestCommentsRequired: type: boolean default: false description: Whether the access profile require request comment for access request. example: true deniedCommentsRequired: type: boolean default: false description: Whether denied comment is required when access request is denied. example: true accountSelector: type: object description: How to select account when there are multiple accounts for the user properties: selectors: type: array nullable: true items: $ref: '#/components/schemas/selector' UserApp: type: object properties: id: type: string description: The user app id example: 2c91808874ff91550175097daaec161c created: type: string description: Time when the user app was created format: date-time example: '2020-10-08T18:33:52.029Z' modified: type: string description: Time when the user app was last modified format: date-time example: '2020-10-08T18:33:52.029Z' hasMultipleAccounts: type: boolean default: false description: True if the owner has multiple accounts for the source example: false useForPasswordManagement: type: boolean default: false description: True if the source has password feature example: true provisionRequestEnabled: type: boolean default: false description: True if the app allows access request example: true appCenterEnabled: type: boolean default: true description: True if the app is visible in the request center example: true sourceApp: type: object properties: id: type: string description: the source app ID example: edcb0951812949d085b60cd8bf35bc78 type: type: string description: It will always be "APPLICATION" example: APPLICATION name: type: string description: the source app name example: test-app source: type: object properties: id: type: string description: the source ID example: 9870808a7190d06e01719938fcd20792 type: type: string description: It will always be "SOURCE" example: SOURCE name: type: string description: the source name example: test-source account: type: object properties: id: type: string description: the account ID example: 85d173e7d57e496569df763231d6deb6a type: type: string description: It will always be "ACCOUNT" example: ACCOUNT name: type: string description: the account name example: test account owner: type: object properties: id: type: string description: The identity ID example: 2c9180827ca885d7017ca8ce28a000eb type: type: string description: It will always be "IDENTITY" example: IDENTITY name: type: string description: The identity name example: John alias: type: string description: The identity alias example: John.Doe AppAccountDetails: type: object properties: appId: type: string description: The source app ID example: fbf4f72280304f1a8bc808fc2a3bcf7b appDisplayName: type: string description: The source app display name example: AD source app sourceAccount: type: object properties: id: type: string description: The account ID example: fbf4f72280304f1a8bc808fc2a3bcf7b nativeIdentity: type: string description: The native identity of account example: CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com displayName: type: string description: The display name of account example: Abby Smith sourceId: type: string description: The source ID of account example: 10efa58ea3954883b52bf74f489ce8f9 sourceDisplayName: type: string description: The source name of account example: ODS-AD-SOURCE FormSubmitted: title: Form Submitted type: object required: - submittedAt - tenantId - formInstanceId - formDefinitionId - name - createdBy - submittedBy - formData properties: submittedAt: type: date-time description: Date and time when the user submitted the form. example: '2020-06-29T22:01:50.474Z' tenantId: type: string description: ISC tenant's unique identifier. example: 2c9180845d1edece015d27a9717c3e19 formInstanceId: type: string description: Form instance's unique identifier. example: 2c9180835d2e5168015d32f890ca1582 formDefinitionId: type: string description: Form definition's unique identifier. example: 2c9180835d2e5168015d32f890ca1581 name: type: string description: Form's name. example: Open Service Request createdBy: type: object description: Origin of the form creation. required: - type - id properties: type: type: string description: Form creation origin's type. enum: - WORKFLOW_EXECUTION - SOURCE example: WORKFLOW_EXECUTION id: type: string description: Unique identifier of the origin of the form creation. example: 2c9180845d1edece015d27a9717c3e19 submittedBy: type: object description: Identity who submitted the form. required: - type - id - name properties: type: type: string description: DTO type of the identity who submitted the form. enum: - IDENTITY example: IDENTITY id: type: string description: Unique identifier of the identity who submitted the form. example: 2c9180845d1edece015d27a9717c3e19 name: type: string description: Name of the identity who submitted the form. example: Rob.Robertson formData: type: object description: Data in the submitted form. nullable: true additionalProperties: true example: department: IT requestType: New Laptop laptop: New Laptop type for Engineer comments: My laptop is running slowly, and I need to get a shiny new laptop to get my work done. Thanks! OutlierDetected: title: Outlier Detected type: object required: - identity - outlierType - score properties: identity: required: - id - type - name type: object description: Identity with unusual access, relative to its peers. properties: type: type: string description: Identity's DTO type. enum: - IDENTITY example: IDENTITY id: type: string description: Identity's unique ID. example: 2c7180a46faadee4016fb4e018c20642 name: type: string description: Identity's name. example: Michael Michaels outlierType: type: string description: Identity's outlier type. enum: - LOW_SIMILARITY example: LOW_SIMILARITY score: type: number description: Dissimilarity score that determines whether the identity is an outlier, ranging from `0.0` to `1.0`. The higher the score, the more likely the identity is an outlier. format: decimal example: 0.82 parameters: limit: in: query name: limit description: |- Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 250 schema: type: integer format: int32 minimum: 0 maximum: 250 default: 250 offset: in: query name: offset description: |- Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 0 schema: type: integer format: int32 minimum: 0 default: 0 count: in: query name: count description: |- If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: true schema: type: boolean default: false limit50: in: query name: limit description: |- Note that for this API the maximum value for limit is 50. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 50 schema: type: integer format: int32 minimum: 0 maximum: 50 default: 50 id: in: path name: id description: ID of the requested document. schema: type: string required: true example: 2c91808568c529c60168cca6f90c1313 x-sailpoint-resource-operation-id: - listAccessProfiles - listAccountActivities - listEntitlements - listRoles - listIdentities searchlimit: in: query name: limit description: |- Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. required: false example: 10000 schema: type: integer format: int32 minimum: 0 maximum: 10000 default: 250 index: in: path name: index description: | The index from which to fetch the specified document. The currently supported index names are: *accessprofiles*, *accountactivities*, *entitlements*, *events*, *identities*, and *roles*. schema: type: string enum: - accessprofiles - accountactivities - entitlements - events - identities - roles required: true example: identities ClassificationMode: in: query name: classificationMode schema: type: string enum: - default - ignoreManual - forceMachine - forceHuman default: default description: |- Specifies how the accounts should be classified. default - uses criteria to classify account as machine or human, excludes accounts that were manually classified. ignoreManual - like default, but includes accounts that were manually classified. forceMachine - forces account to be classified as machine. forceHuman - forces account to be classified as human. required: false example: forceMachine responses: '202': description: Accepted - Returned if the request was successfully accepted into the system. content: application/json: schema: type: object '204': description: No content - indicates the request was successful but there is no content to be returned in the response. '400': description: Client Error - Returned if the request body is invalid. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' '401': description: Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. content: application/json: schema: type: object properties: error: description: A message describing the error example: 'JWT validation failed: JWT is expired' '403': description: Forbidden - Returned if the user you are running as, doesn't have access to this end-point. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '403': summary: An example of a 403 response object value: detailCode: 403 Forbidden trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text: The server understood the request but refuses to authorize it. '404': description: Not Found - returned if the request URL refers to a resource or object that does not exist content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '404': summary: An example of a 404 response object value: detailCode: 404 Not found trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text: The server did not find a current representation for the target resource. '405': description: Method Not Allowed - indicates that the server knows the request method, but the target resource doesn't support this method. content: application/json: schema: type: object properties: errorName: description: A message describing the error example: NotSupportedException errorMessage: description: Description of the error example: Cannot consume content type trackingId: type: string description: Unique tracking id for the error. example: e7eab60924f64aa284175b9fa3309599 '412': description: Precondition Failed - Returned in response if API/Feature not enabled for an organization. content: application/json: schema: type: object properties: message: description: A message describing the error example: ' API/Feature not enabled for your organization.' '429': description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. content: application/json: schema: type: object properties: message: description: A message describing the error example: ' Rate Limit Exceeded ' '500': description: Internal Server Error - Returned if there is an unexpected error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponseDto' examples: '500': summary: An example of a 500 response object value: detailCode: 500.0 Internal Fault trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. examples: SlimCampaigns: description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM value: - id: 2c918086719eec070171a7e3355a360a name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.123Z' type: MANAGER status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T19:00:27.731Z' totalCertifications: 10 completedCertifications: 3 alerts: - level: ERROR localizations: - locale: en localeOrigin: DEFAULT text: Composite criterion must have children non-composite criterion must not. - id: 7e1a731e3fb845cfbe58112ba4673ee4 name: Search Campaign description: Search Campaign Info deadline: '2022-07-26T15:42:44Z' type: SEARCH status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-07-25T15:42:18.276Z' totalCertifications: 5 completedCertifications: 3 alerts: null - id: 2c918086719eec070171a7e3355a412b name: AD Source Review description: A review of our AD source. deadline: '2020-12-25T06:00:00.123Z' type: SOURCE_OWNER status: STAGED emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED created: '2022-07-27T17:04:19.027Z' totalCertifications: 7 completedCertifications: 3 alerts: - level: WARN localizations: - locale: en localeOrigin: DEFAULT text: Composite criterion is in wrong format. - id: 3b2e2e5821e84127b6d693d41c40623b name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T20:29:51.065Z' totalCertifications: 1 completedCertifications: 1 alerts: null FullCampaigns: description: List of Campaigns that would result from specifying *detail* as FULL value: - id: 078696a575e045c68d6722ccdb9f101d name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: ERROR emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-08-02T20:29:51.331Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Role Composition Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null sourcesWithOrphanEntitlements: null mandatoryCommentRequirement: NO_DECISIONS - id: 1be8fc1103914bf0a4e14e316b6a7b7c name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.468Z' type: MANAGER status: STAGED emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-08-02T19:00:34.391Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null sourcesWithOrphanEntitlements: [] mandatoryCommentRequirement: NO_DECISIONS - id: 7e1a731e3fb845cfbe58112ba4673ee4 name: Search Campaign description: Search Campaign for Identities deadline: '2022-07-26T15:42:44Z' type: SEARCH status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-07-25T15:42:53.718Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: IDENTITY description: Example of Search Campaign reviewer: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: null query: user identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null sourcesWithOrphanEntitlements: [] mandatoryCommentRequirement: NO_DECISIONS - id: ad3cf3dd50394b1bad646de4bc51b999 name: Source Owner Campaign description: Example for Source Owner Campaign deadline: '2022-08-10T17:09:02Z' type: SOURCE_OWNER status: ACTIVE emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false modified: '2022-07-27T17:09:13.925Z' filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: sourceIds: - 2c91808781fd5aea01821200dc88318e searchCampaignInfo: null roleCompositionCampaignInfo: null sourcesWithOrphanEntitlements: [] correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CreateCampaignManager: value: name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.468Z' type: MANAGER emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 mandatoryCommentRequirement: NO_DECISIONS CreateCampaignSearch: value: name: Search Campaign description: Search Campaign deadline: '2020-12-25T06:00:00.468Z' type: SEARCH emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 searchCampaignInfo: type: ACCESS query: user mandatoryCommentRequirement: NO_DECISIONS CreateCampaignSourceOwner: value: name: Source Owner description: Source Owner Info deadline: '2020-12-25T06:00:00.468Z' type: SOURCE_OWNER emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 sourceOwnerCampaignInfo: sourceIds: - 612b31b1a0f04aaf83123bdb80e70db6 correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CreateCampaignRoleComposition: value: name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support roleIds: - b15d609fc5c8434b865fe552315fda8f mandatoryCommentRequirement: NO_DECISIONS CreateCampaignMachineAccount: value: name: Machine Account Owner Campaign description: A review done by a Machine Account's owner. deadline: '2024-12-25T06:00:00.468Z' type: MACHINE_ACCOUNT emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false filter: type: CAMPAIGN_FILTER id: 0c46fb26c6b20967a55517ee90d15b93 machineAccountCampaignInfo: sourceIds: - d988f117b7624a16ab0b64c439d5dbb8 reviewerType: ACCOUNT_OWNER FullCampaignManager: value: id: 5594f43b76804a6980ece5fdccf74be7 name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.468Z' type: MANAGER status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T20:21:18.421Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null machineAccountCampaignInfo: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null mandatoryCommentRequirement: NO_DECISIONS FullCampaignSearch: value: id: ec041831cb2147778b594feb9d8db44a name: Search Campaign description: Search Campaign deadline: '2020-12-25T06:00:00.468Z' type: SEARCH status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-03T13:54:34.344Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: ACCESS description: user reviewer: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: null query: user identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null machineAccountCampaignInfo: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null mandatoryCommentRequirement: NO_DECISIONS FullCampaignSourceOwner: value: id: fd7b76ba4ea042de8a9414aa12fc977a name: Source Owner description: Source Owner Info deadline: '2020-12-25T06:00:00.468Z' type: SOURCE_OWNER status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-03T13:34:19.541Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null sourceIds: - 612b31b1a0f04aaf83123bdb80e70db6 searchCampaignInfo: null roleCompositionCampaignInfo: null machineAccountCampaignInfo: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS FullCampaignRoleComposition: value: id: 3b2e2e5821e84127b6d693d41c40623b name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2022-08-02T20:30:46.083Z' modified: null filter: type: CAMPAIGN_FILTER id: 0fbe863c063c4c88a35fd7f17e8a3df5 name: Test Role Composition Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null alerts: null totalCertifications: 0 completedCertifications: 0 sourcesWithOrphanEntitlements: null machineAccountCampaignInfo: null mandatoryCommentRequirement: NO_DECISIONS FullCampaignMachineAccount: value: id: 3e9ff3d6555e4721b74695d5b578e847 name: Machine Account Owner Campaign description: A review done by a machine account's owner. deadline: '2024-05-07T19:43:38.186Z' type: MACHINE_ACCOUNT status: PENDING emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false created: '2024-04-23T19:43:38.355Z' modified: '2024-04-23T19:43:38.355Z' filter: null sunsetCommentsRequired: true mandatoryCommentRequirement: NO_DECISIONS sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null totalCertifications: 0 completedCertifications: 0 alerts: null correlatedStatus: CORRELATED sourcesWithOrphanEntitlements: [] machineAccountCampaignInfo: sourceIds: - d988f117b7624a16ab0b64c439d5dbb8 reviewerType: ACCOUNT_OWNER SlimCampaignManager: value: id: 2c918086719eec070171a7e3355a360a name: Manager Review description: A review of everyone's access by their manager. deadline: '2020-12-25T06:00:00.123Z' type: MANAGER status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false SlimCampaignSearch: value: id: 7e1a731e3fb845cfbe58112ba4673ee4 name: Search Campaign description: Search Campaign Info deadline: '2022-07-26T15:42:44Z' type: SEARCH status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false SlimCampaignSourceOwner: value: id: 2c918086719eec070171a7e3355a412b name: AD Source Review description: A review of our AD source. deadline: '2020-12-25T06:00:00.123Z' type: SOURCE_OWNER status: STAGED emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED SlimCampaignRoleComposition: value: id: 3b2e2e5821e84127b6d693d41c40623b name: Role Composition Campaign description: A review done by a role owner. deadline: '2020-12-25T06:00:00.468Z' type: ROLE_COMPOSITION status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false CreateCampaignTemplateManager: description: This creates a template that can be used to generate manager campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Manager Review" (e.g. "2020-03-16 Manager Review"). value: name: Manager Review description: A review of everyone's access by their manager. deadlineDuration: P2W campaign: name: Manager Review description: Review everyone's access. type: MANAGER filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS CreateCampaignTemplateSearch: description: This creates a template that can be used to generate search access campaigns. The campaigns will cover the "reporter" access item for across all identities. value: name: Reporting Access Review description: A review of everyone's access to the reporting system. deadlineDuration: P2W campaign: name: Search Review description: Review everyone's access to the reporting system. type: SEARCH filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c searchCampaignInfo: type: ACCESS query: '@access(name: ("reporter"))' description: Identities with reporting abilities emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS CreateCampaignTemplateSourceOwner: description: This creates a template that can be used to generate source owner campaigns. The campaigns will have a due date that is one month after their creation date, and will review one source. value: name: AD Source Review description: A review of our AD source. deadlineDuration: P1M campaign: name: Source Review description: Review everyone's access. type: SOURCE_OWNER filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c sourceOwnerCampaignInfo: sourceIds: - 2c918084707deba501709d45ce4e5569 emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CreateCampaignTemplateRoleComposition: description: This creates a template that can be used to generate role composition campaigns. The campaigns will have a due date that is two weeks after their creation date, and will be named "{current date} Role Composition Review" (e.g. "2020-03-16 Role Composition Review"). value: name: Role Composition Review description: A review of every role's access items, by the specified reviewer. deadlineDuration: P2W campaign: name: Role Composition Review description: Review all our roles. type: ROLE_COMPOSITION roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 2c9180876ab2c053016ab6f65dfd5aaa emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateManager: value: id: e7dbec99d49349c8951bd84f58a05120 name: Manager Review created: '2022-08-02T19:16:42.632Z' modified: null description: A review of everyone's access by their manager. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Manager Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Manager Review description: Review everyone's access. deadline: null type: MANAGER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateSearch: value: id: b7e6459eed5247ac8b98a5fed81fe27f name: Reporting Access Review created: '2022-07-28T19:19:40.035Z' modified: null description: A review of everyone's access to the reporting system. deadlineDuration: P14D ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Search Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: type: ACCESS description: Identities with reporting abilities reviewerId: null reviewer: null query: '@access(name: ("reporter"))' identityIds: null accessConstraints: [] roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Search Campaign Review description: Review everyone's access to the reporting system. deadline: null type: SEARCH status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateSourceOwner: value: id: b9f41bc69e7a4291b9de0630396d030d name: AD Source Review created: '2022-08-02T13:40:36.857Z' modified: null description: A review of our AD source. deadlineDuration: P1M ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: type: CAMPAIGN_FILTER id: e0adaae69852e8fe8b8a3d48e5ce757c name: Test Source Owner Filter sunsetCommentsRequired: true sourceOwnerCampaignInfo: sourceIds: - 2c918084707deba501709d45ce4e5569 searchCampaignInfo: null roleCompositionCampaignInfo: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: AD Source Review description: Review everyone's access. deadline: null type: SOURCE_OWNER status: null emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS CampaignTemplateRoleComposition: value: id: b9f41bc69e7a4291b9de0630396d030d name: Campaign With Admin Role created: '2022-08-02T13:40:36.857Z' modified: null description: Campaign With Admin Role deadlineDuration: null ownerRef: email: support@testmail.identitysoon.com type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support scheduled: false campaign: created: null modified: null filter: null sunsetCommentsRequired: true sourceOwnerCampaignInfo: null searchCampaignInfo: null roleCompositionCampaignInfo: remediatorRef: type: IDENTITY id: 7ec252acbd4245548bc25df22348cb75 name: SailPoint Support reviewerId: null reviewer: null roleIds: - b15d609fc5c8434b865fe552315fda8f query: null description: null alerts: null totalCertifications: null completedCertifications: null sourcesWithOrphanEntitlements: null id: null name: Campaign With Admin Role description: Campaign With Admin Role deadline: null type: ROLE_COMPOSITION status: null emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false correlatedStatus: CORRELATED mandatoryCommentRequirement: NO_DECISIONS client-log-configuration-duration-minutes: summary: Duration minutes value: clientId: 3a38a51992e8445ab51a549c0a70ee66 durationMinutes: 120 rootLevel: INFO logLevels: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG client-log-configuration-expiration: summary: Expiration value: clientId: 3a38a51992e8445ab51a549c0a70ee66 expiration: '2024-11-06T01:31:08.013164Z' rootLevel: INFO logLevels: sailpoint.connector.ADLDAPConnector: TRACE sailpoint.connector.JDBCConnector: DEBUG execute-scheduled: summary: Triggered by scheduled search value: scheduleId: 7a724640-0c17-4ce9-a8c3-4a89738459c8 execute-test: summary: Triggered by ui test value: owner: type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 recipients: - type: IDENTITY id: 2c91808568c529c60168cca6f90c1313 query-accessprofiles: summary: Query for access profiles value: indices: - accessprofiles query: query: requestable:true query-accountactivities: summary: Query for acccount activities value: indices: - accountactivities query: query: sources:"Active Directory" query-entitlements: summary: Query for entitlements value: indices: - entitlements query: query: source.name:Finance query-events: summary: Query for events value: indices: - events query: query: type:PROVISIONING query-identities: summary: Query for identities value: indices: - identities query: query: attributes.cloudLifecycleState:active query-roles: summary: Query for roles value: indices: - roles query: query: enabled:true query-fields: summary: Query with fields value: indices: - identities query: query: '"John Doe"' fields: - name query-timeZone: summary: Query with timezone value: indices: - identities query: query: 'created: [2022-05-19T19:26:03.351Z TO now]' timeZone: America/Los_Angeles query-innerHit: summary: Query with innerhit value: indices: - identities query: query: '"John Doe"' innerHit: type: access query: source.name:"Active Directory" typeAheadQuery: summary: Typeahead query value: indices: - identities queryType: TYPEAHEAD typeAheadQuery: field: name query: Jo maxExpansions: 50 size: 100 sort: desc sortByValue: false typeAheadQuery-nestedType: summary: Typeahead query with nestedtype value: indices: - identities queryType: TYPEAHEAD typeAheadQuery: field: source.name nestedType: access query: Work maxExpansions: 50 size: 100 sort: desc sortByValue: false filter-exists: summary: Filter with exists value: indices: - identities query: query: attributes.city:Austin filters: attributes.personalEmail: type: EXISTS exclude: true filter-range: summary: Filter with range value: indices: - identities query: query: attributes.city:London timeZone: Europe/London filters: accessCount: type: RANGE range: lower: value: '3' created: type: RANGE range: lower: value: '2023-12-01' inclusive: true upper: value: '2025-01-01' filter-terms: summary: Filter with terms value: indices: - identities query: query: attributes.city:London filters: source.name: type: TERMS terms: - HR Employees - Corporate Active Directory exclude: true isManager: type: TERMS terms: - 'true' accessProfiles: summary: A collection of access profiles value: - id: 13b856dd9a264206954b63ecbb57a853 name: Cloud Eng description: Cloud Eng source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory entitlements: - hasPermissions: false attribute: memberOf value: CN=Cloud Engineering,DC=sailpoint,DC=com schema: group privileged: false id: 7372eaddd75749bd89a2e76a363eb891 name: Cloud Engineering description: Cloud Engineering entitlementCount: 1 segments: [] segmentCount: 0 apps: [] created: '2024-09-16T17:41:25Z' modified: '2024-09-16T19:30:54Z' synced: '2025-02-12T06:32:40.156Z' enabled: true requestable: true requestCommentsRequired: false owner: id: ff8081815757d36a015757d42e56031e name: SailPoint Support type: IDENTITY email: cloud-support@sailpoint.com tags: - TAG_1 - TAG_2 _type: accessprofile type: accessprofile pod: pod01-useast1 org: org-name _version: v2 accountActivities: summary: A collection of account activities value: - id: 6f76c3add1db4ba8bbe0d42aaceb7a07 _type: accountactivity type: accountactivity requester: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity sources: Active Directory created: '2025-01-02T21:45:59.795Z' accountRequests: - result: status: committed accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify provisioningTarget: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com stage: Completed originalRequests: - result: status: Manual Task Created accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com expansionItems: [] approvals: - owner: name: tina.smith id: 322c6bce405a495a8e841a014b7d8410 type: Identity result: Finished attributeRequest: op: Add name: memberOf value: - CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' modified: '2025-01-02T21:47:16.903Z' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector recipient: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity action: Access Request modified: '2025-01-02T21:47:16.903Z' trackingNumber: 051d09b0bb5b453d91f658ba7f1e3171 status: Complete pod: pod01-useast1 org: org-name synced: '2025-01-02T21:47:16.953Z' _version: v2 entitlements: summary: A collection of entitlements value: - id: 2c9180867dde18d1017de8ea1f5c130f name: Vendor Creation displayName: Vendor Creation created: '2021-12-23T20:09:57.340Z' modified: '2023-05-02T06:31:19.357Z' attribute: groups value: VC sourceSchemaObjectType: group schema: group privileged: false cloudGoverned: false hash: 22ac1f7a13c8a462c67ee74f5fcbf06a277cce50 description: Set up new AP vendors requestable: false source: id: 2c9180887de347a7017de8e75fa5570a type: SOURCE name: Finance containsDataAccess: 'false' pod: pod01-useast1 org: org-name synced: '2024-11-07T16:29:06.131Z' _type: entitlement type: entitlement _version: v2 events: summary: A collection of events value: - id: 001909ce8cc3b519436197105426b18b5fc6ca179803c0c3702e9038107bec78 stack: wps synced: '2023-06-01T22:01:38.170Z' created: '2023-06-01T22:01:37.818Z' objects: - ACCOUNT type: PROVISIONING technicalName: ACCOUNT_MODIFY_PASSED target: name: Colt.Spears actor: name: System name: Modify Account Passed action: ModifyAccount attributes: accountUuid: '{2d1ec18a-84cc-4659-bf75-a1ce4d56a9c5}' cloudAppName: Active Directory appId: 5c71ff71195b4794a0b87e7cf36fb017 sourceId: source sourceName: Active Directory accountName: CN=Colt Spears,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpoint,DC=com interface: Identity Refresh trackingNumber: 1f74901adbc0412d9fa51314195155be operation: MODIFY status: PASSED pod: pod01-useast1 org: org-name _type: event _version: v2 identities: summary: A collection of identities value: - id: 2c9180865c45e7e3015c46c434a80622 name: Laura Peeters firstName: Laura lastName: Peeters displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com created: '2024-04-04T21:36:00.385Z' inactive: false protected: false status: ACTIVE employeeNumber: '10673' manager: id: 88e405b1a3b8439daf2efc8f4ff0a98b name: Mia Garcia displayName: Mia Garcia isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Brussels cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: ACTIVE country: BE department: EMEA Sales displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com firstname: Laura identificationNumber: '10673' identityState: ACTIVE internalCloudStatus: ACTIVE jobTitle: Manager, Sales - Belgium lastname: Peeters location: EMEA uid: '10673' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 830396e8863442f1bce7b485612c8b51 name: Laura Peeters accountId: '10673' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:00.385Z' supportsPasswordChange: false - id: cd6797419f37492ba22ea991f9d6ba90 name: $SEK300-N3K0K4HOPEB6 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:38:57.434Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:42:26.787Z' supportsPasswordChange: true - id: db145fd0ec6a4e0cbc3a24bbe0758c8f name: Laura Peeters accountId: '10681' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.769Z' supportsPasswordChange: false - id: 6b75898eec394b4c98a5c3d2d9ba311b name: Laura Peeters accountId: Laura Peeters source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.809Z' supportsPasswordChange: true accountAttributes: {} accountCount: 3 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 6b75898eec394b4c98a5c3d2d9ba311b accountId: Laura Peeters appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2025-01-17T03:17:17.895Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 2 tags: - TAG_1 - TAG_2 pod: pod01-useast1 org: org-name synced: '2025-01-17T06:10:19.853Z' _type: identity type: identity _version: v2 roles: summary: A collection of roles value: - id: 2c91808c6faadea6016fb4f2bc69077b accessProfileCount: 1 accessProfiles: - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess created: '2023-06-01T22:00:55.311Z' description: All Sales people in the company dimensional: false enabled: true modified: '2023-06-01T22:00:55.432Z' name: SalesGlobal owner: email: admin@sailpointdemo.com id: c18630c4811c4030810afb3a14f388cf name: admin type: IDENTITY requestCommentsRequired: false requestable: true tags: - TAG_1 - TAG_2 pod: pod01-useast1 org: org-name _type: role type: role _version: v2 queryFields: summary: Query with fields value: - name: John Doe firstName: John lastName: Doe displayName: John Doe id: 655f6741762547ec937893f27eab0cec email: John.Doe@sailpointdemo.com created: '2025-01-03T22:36:20.025Z' inactive: false protected: false status: UNREGISTERED isManager: false identityProfile: id: 63e42f96f2fc4b8ba544654eba6068cf name: Contractors source: id: b33c36dbaf974200b4d91f846abc30a5 name: Contractors attributes: cloudAuthoritativeSource: b33c36dbaf974200b4d91f846abc30a5 cloudLifecycleState: active cloudStatus: UNREGISTERED displayName: John Doe email: John.Doe@sailpointdemo.com endDate: '2199-01-01T00:00:00.000Z' firstname: John identityState: ACTIVE internalCloudStatus: UNREGISTERED lastname: Doe startDate: '2199-01-01T00:00:00.000Z' uid: John Doe visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 6f9cce655ddd40ca86a8faab8d5d52ec name: John Doe accountId: ac10e3a8-942a-1409-8194-2e4fe3090003 source: id: b33c36dbaf974200b4d91f846abc30a5 name: Contractors type: Non-Employee disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2025-01-03T22:36:20.045Z' supportsPasswordChange: false - id: 9e29df88d4c5449ea790b4c24135b85c name: $FHK300-LAAKDKHU50K3 accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true entitlementAttributes: memberOf: - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2025-01-03T22:36:36.866Z' supportsPasswordChange: true - id: 74e0cd14200943ff92b4f11fa3596eba name: John Doe accountId: John Doe source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2025-01-03T22:36:20.076Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: 9e29df88d4c5449ea790b4c24135b85c accountId: CN=John Doe,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 74e0cd14200943ff92b4f11fa3596eba accountId: John Doe appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 3 accessProfileCount: 1 entitlementCount: 1 roleCount: 1 modified: '2025-01-03T22:36:37.599Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2025-01-03T22:37:04.452Z' _type: identity type: identity _version: v2 queryTimeZone: summary: Query with timezone value: - name: Laura Peeters firstName: Laura lastName: Peeters displayName: Laura Peeters id: 0011cac38db341738af1f2ce7bb3aede email: Laura.Peeters@sailpointdemo.com created: '2024-04-04T21:36:00.385Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10673' manager: id: 88e405b1a3b8439daf2efc8f4ff0a98b name: Mia Garcia displayName: Mia Garcia isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Brussels cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: BE department: EMEA Sales displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com firstname: Laura identificationNumber: '10673' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Manager, Sales - Belgium lastname: Peeters location: EMEA uid: '10673' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 830396e8863442f1bce7b485612c8b51 name: Laura Peeters accountId: '10673' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:00.385Z' supportsPasswordChange: false - id: cd6797419f37492ba22ea991f9d6ba90 name: $SEK300-N3K0K4HOPEB6 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:38:57.434Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:42:26.787Z' supportsPasswordChange: true - id: db145fd0ec6a4e0cbc3a24bbe0758c8f name: Laura Peeters accountId: '10681' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.769Z' supportsPasswordChange: false - id: 6b75898eec394b4c98a5c3d2d9ba311b name: Laura Peeters accountId: Laura Peeters source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.809Z' supportsPasswordChange: true accountAttributes: {} accountCount: 3 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 6b75898eec394b4c98a5c3d2d9ba311b accountId: Laura Peeters appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2024-12-13T02:49:18.104Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:10:14.229Z' _type: identity type: identity _version: v2 queryInnerHit: summary: Query with innerhit value: - requestCommentsRequired: false schema: group cloudEligible: false displayName: Benefits standalone: false source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ENTITLEMENT enabled: false privileged: false name: Benefits disabled: false id: 4919721c3c1a4ca484469b85f0fd9ba1 requestable: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com cloudGoverned: false _type: access _originalType: identity _version: v2 - requestCommentsRequired: false owner: displayName: Jerry.Bennett name: Jerry.Bennett id: 278f8a1859df48d2a0adb204257b26a2 cloudEligible: false displayName: Benefits Employees standalone: false description: Access for Benefits Employees. Distribution group and File share access. source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 revocable: false type: ACCESS_PROFILE enabled: false privileged: false name: Benefits Employees disabled: false id: 7e277d102c874560becc464cdfe33a86 requestable: false cloudGoverned: false _type: access _originalType: identity _version: v2 typeAheadQuery-2: summary: Typeahead query value: - Ethan Johnson - Henry Jones - Joan.Wells - Joanna Gonzales - Joe Cook - Joe.Myers - Johan Jacobs - John Doe - John Roberts - John Smith - John.Jarndyce - John.Smithee - John.Williams - Johnny.Elliott - Jonathan.West - Jordan Wilson - Jordan.Sullivan - Jose.Reed - Joao Carvalho - Kamaria Jones - Lisa Jones - Mia Johnson - Michael Johnson - Scott Johnson typeAheadQueryNestedType: summary: Typeahead query with nestedtype value: - Active Directory - PRISM - ServiceNow - TRAKK-WS - AWS filterExists: summary: Filter with exists value: - name: Cory Henry firstName: Cory lastName: Henry displayName: Cory Henry id: 026bb65ed1f54fcd89197ca986e9acac email: Cory.Henry@sailpointdemo.com created: '2024-04-04T21:32:46.844Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10090' manager: id: 903349b85746471a9a898722206109bb name: Layla Hendricks displayName: Layla Hendricks isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Austin cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: US department: Revenue Operations displayName: Cory Henry email: Cory.Henry@sailpointdemo.com firstname: Cory identificationNumber: '10090' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Manager, System Operations lastname: Henry location: AMS uid: '10090' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df - 8ea4e957-f2f1-4cba-b202-54cc702528d1 disabled: false locked: false accounts: - id: a02142f41ad1407884da04a7bfa586d4 name: Cory Henry accountId: '10090' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:32:46.844Z' supportsPasswordChange: false - id: f30019e125c74684acee7da3f1643d2a name: $LUJ300-P3QNVHE6R7FB accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:33:34.488Z' entitlementAttributes: memberOf: - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:37:03.481Z' supportsPasswordChange: true - id: 7fe340119c5d4b00a9b85d55b18a6416 name: Cory Henry accountId: Cory Henry source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:37:03.536Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f30019e125c74684acee7da3f1643d2a accountId: CN=Cory Henry,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 7fe340119c5d4b00a9b85d55b18a6416 accountId: Cory Henry appCount: 5 access: - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group accessCount: 3 accessProfileCount: 1 entitlementCount: 1 roleCount: 1 modified: '2024-12-13T02:49:19.214Z' visibleSegments: - All Employees - Austin Employees visibleSegmentCount: 2 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:10:29.734Z' _type: identity type: identity _version: v2 filterRange: summary: Filter with range value: - name: Mia Garcia firstName: Mia lastName: Garcia displayName: Mia Garcia id: 88e405b1a3b8439daf2efc8f4ff0a98b email: Mia.Garcia@sailpointdemo.com created: '2024-04-04T21:33:05.522Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10142' manager: id: 624db52c764f410baca2b192caad8e58 name: Ethan Johnson displayName: Ethan Johnson isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: London cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: GB department: EMEA Sales displayName: Mia Garcia email: Mia.Garcia@sailpointdemo.com firstname: Mia identificationNumber: '10142' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Regional Director, EMEA Sales lastname: Garcia location: EMEA uid: '10142' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 9021760f10b64f42b7ebfb78085ccaff name: Mia Garcia accountId: '10142' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:33:05.522Z' supportsPasswordChange: false - id: f3ef91f3c2874e79981f2d97297660ee name: $DUJ300-H5LFRVRDLKKM accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:33:25.979Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:36:54.974Z' supportsPasswordChange: true - id: c379279cc5b9450cbb274aad31486510 name: Mia Garcia accountId: Mia Garcia source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:55.027Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: f3ef91f3c2874e79981f2d97297660ee accountId: CN=Mia Garcia,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: c379279cc5b9450cbb274aad31486510 accountId: Mia Garcia appCount: 5 access: - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2024-12-13T02:49:35.220Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:25:44.222Z' _type: identity type: identity _version: v2 filterTerms: summary: Filter with terms value: - name: Oliver Davies firstName: Oliver lastName: Davies displayName: Oliver Davies id: b173815fef574b74a283f39e6634c215 email: Oliver.Davies@sailpointdemo.com created: '2024-04-04T21:32:27.473Z' inactive: false protected: false status: UNREGISTERED employeeNumber: '10029' manager: id: b8c8e021a4104eda91b80bfac6a99b47 name: Jackson Brooks displayName: Jackson Brooks isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: London cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: GB department: Customer Support displayName: Oliver Davies email: Oliver.Davies@sailpointdemo.com firstname: Oliver identificationNumber: '10029' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Call Center lastname: Davies location: EMEA uid: '10029' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: c8cacc7080254b2781f56e0ded6c8dea name: $GRJ300-AQD2M7N9L7NT accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:30:25.205Z' entitlementAttributes: memberOf: - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:33:54.332Z' supportsPasswordChange: true - id: cd7f58b2290c43909320ff89427b57a1 name: Oliver Davies accountId: '10029' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:32:27.473Z' supportsPasswordChange: false - id: a1ee6cd948754371a98105a5a6dd067d name: Oliver Davies accountId: Oliver Davies source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:33:54.377Z' supportsPasswordChange: true accountAttributes: {} accountCount: 2 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: c8cacc7080254b2781f56e0ded6c8dea accountId: CN=Oliver Davies,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: a1ee6cd948754371a98105a5a6dd067d accountId: Oliver Davies appCount: 5 access: - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group accessCount: 3 accessProfileCount: 1 entitlementCount: 1 roleCount: 1 modified: '2024-12-13T02:49:35.917Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 0 pod: pod01-useast1 org: org-name synced: '2024-12-13T06:28:14.763Z' _type: identity type: identity _version: v2 metricAggregation: summary: Metricaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: metric: name: How Many Locations type: UNIQUE_COUNT field: attributes.city metricAggregation-dsl: summary: Metricaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: How Many Locations: cardinality: field: attributes.city.exact bucketAggregation: summary: Bucketaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: bucket: name: Identity Locations type: TERMS field: attributes.city bucketAggregation-dsl: summary: Bucketaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: Identity Locations: terms: field: attributes.city.exact nestedAggregation-bucketAggregation: summary: Nestedaggregation with bucketaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: nested: name: Access field: access type: TERMS bucket: name: Access Source Name type: TERMS field: access.source.name nestedAggregation-bucketAggregation-dsl: summary: Nestedaggregation with bucketaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: access: nested: path: access aggs: Access Source Name: terms: field: access.source.name.exact nestedAggregation-filterAggregation-bucketAggregation: summary: Nestedaggregation with filteraggregation and bucketaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: nested: name: Access field: access type: TERMS filter: name: Entitlements field: access.type value: ENTITLEMENT bucket: name: Access Name type: TERMS field: access.name nestedAggregation-filterAggregation-bucketAggregation-dsl: summary: Nestedaggregation with filteraggregation and bucketaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: access: nested: path: access aggs: Entitlements: filter: term: access.type: ENTITLEMENT aggs: Access Name: terms: field: access.name.exact bucketAggregation-subAggregation: summary: Bucketaggregation with subaggregation value: indices: - identities aggregationType: SAILPOINT aggregations: bucket: name: Identity Department type: TERMS field: attributes.department subAggregation: bucket: name: Identity Locations type: TERMS field: attributes.city bucketAggregation-subAggregation-dsl: summary: Bucketaggregation with subaggregation using dsl value: indices: - identities aggregationType: DSL aggregationsDsl: Identity Department: terms: field: attributes.department.exact aggs: Identity Locations: terms: field: attributes.city.exact accessProfile: summary: Accessprofile value: id: 13b856dd9a264206954b63ecbb57a853 name: Cloud Eng description: Cloud Eng source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory entitlements: - hasPermissions: false attribute: memberOf value: CN=Cloud Engineering,DC=sailpoint,DC=COM schema: group privileged: false id: 7372eaddd75749bd89a2e76a363eb891 name: Cloud Engineering description: Cloud Engineering entitlementCount: 1 segments: [] segmentCount: 0 apps: [] created: '2024-09-16T17:41:25Z' modified: '2024-09-16T19:30:54Z' synced: '2025-02-12T06:32:40.156Z' enabled: true requestable: true requestCommentsRequired: false owner: id: ff8081815757d36a015757d42e56031e name: SailPoint Support type: IDENTITY email: cloud-support@sailpoint.com tags: - TAG_1 - TAG_2 accountActivity: summary: Accountactivity value: id: 6f76c3add1db4ba8bbe0d42aaceb7a07 requester: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity synced: '2025-01-02T21:47:16.953Z' sources: Active Directory created: '2025-01-02T21:45:59.795Z' accountRequests: - result: status: committed accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify provisioningTarget: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com stage: Completed originalRequests: - result: status: Manual Task Created accountId: CN=Amos Cunningham,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com op: Modify accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector attributeRequests: - op: Add name: memberOf value: CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com expansionItems: [] approvals: - owner: name: tina.smith id: 322c6bce405a495a8e841a014b7d8410 type: Identity result: Finished attributeRequest: op: Add name: memberOf value: - CN=HelpDesk,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com accountUuid: '{17413e85-1c08-4bb0-b658-9afdaad11d0a}' modified: '2025-01-02T21:47:16.903Z' source: name: Active Directory id: 5c71ff71195b4794a0b87e7cf36fb017 type: ADLDAPConnector recipient: name: Amos.Cunningham id: ef1e2a36099447cb9448c68e1804dd9f type: Identity action: Access Request modified: '2025-01-02T21:47:16.903Z' trackingNumber: 051d09b0bb5b453d91f658ba7f1e3171 status: Complete entitlement: summary: Entitlement value: id: 2c9180867dde18d1017de8ea1f5c130f name: Vendor Creation displayName: Vendor Creation created: '2021-12-23T20:09:57.340Z' modified: '2023-05-02T06:31:19.357Z' attribute: groups value: VC sourceSchemaObjectType: group schema: group privileged: false cloudGoverned: false hash: 22ac1f7a13c8a462c67ee74f5fcbf06a277cce50 description: Set up new AP vendors requestable: false source: id: 2c9180887de347a7017de8e75fa5570a type: SOURCE name: Finance containsDataAccess: 'false' event: summary: Event value: id: 001909ce8cc3b519436197105426b18b5fc6ca179803c0c3702e9038107bec78 stack: wps synced: '2023-06-01T22:01:38.170Z' created: '2023-06-01T22:01:37.818Z' objects: - ACCOUNT type: PROVISIONING technicalName: ACCOUNT_MODIFY_PASSED target: name: Colt.Spears actor: name: System name: Modify Account Passed action: ModifyAccount attributes: accountUuid: '{2d1ec18a-84cc-4659-bf75-a1ce4d56a9c5}' cloudAppName: Active Directory appId: 5c71ff71195b4794a0b87e7cf36fb017 sourceId: source sourceName: Active Directory accountName: CN=Colt Spears,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpoint,DC=com interface: Identity Refresh trackingNumber: 1f74901adbc0412d9fa51314195155be operation: MODIFY status: PASSED identity: summary: Identity value: id: 2c9180865c45e7e3015c46c434a80622 name: Laura Peeters firstName: Laura lastName: Peeters displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com created: '2024-04-04T21:36:00.385Z' inactive: false protected: false status: ACTIVE employeeNumber: '10673' manager: id: 88e405b1a3b8439daf2efc8f4ff0a98b name: Mia Garcia displayName: Mia Garcia isManager: true identityProfile: id: 00a2bc6244b34f4a88d985f035f2b68b name: HR Global source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global attributes: city: Brussels cloudAuthoritativeSource: 524f8d986f9b4192865269516d169eb0 cloudLifecycleState: active cloudStatus: UNREGISTERED country: BE department: EMEA Sales displayName: Laura Peeters email: Laura.Peeters@sailpointdemo.com firstname: Laura identificationNumber: '10673' identityState: ACTIVE internalCloudStatus: UNREGISTERED jobTitle: Manager, Sales - Belgium lastname: Peeters location: EMEA uid: '10673' visibleSegments: - d75ae486-044b-4eba-8113-0cdacb5341df disabled: false locked: false accounts: - id: 830396e8863442f1bce7b485612c8b51 name: Laura Peeters accountId: '10673' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:00.385Z' supportsPasswordChange: false - id: cd6797419f37492ba22ea991f9d6ba90 name: $SEK300-N3K0K4HOPEB6 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory type: Active Directory - Direct disabled: false locked: false privileged: false manuallyCorrelated: true passwordLastSet: '2024-04-04T21:38:57.434Z' entitlementAttributes: memberOf: - CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com created: '2024-04-04T21:42:26.787Z' supportsPasswordChange: true - id: db145fd0ec6a4e0cbc3a24bbe0758c8f name: Laura Peeters accountId: '10681' source: id: 524f8d986f9b4192865269516d169eb0 name: HR Global type: DelimitedFile disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.769Z' supportsPasswordChange: false - id: 6b75898eec394b4c98a5c3d2d9ba311b name: Laura Peeters accountId: Laura Peeters source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow type: IdentityNowConnector disabled: false locked: false privileged: false manuallyCorrelated: false entitlementAttributes: {} created: '2024-04-04T21:36:15.809Z' supportsPasswordChange: true accountAttributes: {} accountCount: 3 apps: - id: '20003' name: Active Directory source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20013' name: AD test source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '20014' name: Test AD source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5092' name: Accounting source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory account: id: cd6797419f37492ba22ea991f9d6ba90 accountId: CN=Laura Peeters,OU=Demo,DC=seri,DC=sailpointdemo,DC=com - id: '5822114389092541705' name: IdentityNow app source: id: af4686d6482841ac96d793901372ad9b name: IdentityNow account: id: 6b75898eec394b4c98a5c3d2d9ba311b accountId: Laura Peeters appCount: 5 access: - id: 4919721c3c1a4ca484469b85f0fd9ba1 name: Benefits displayName: Benefits type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Benefits,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 4bf8f57887874e9c83ae3a662bf8988c name: Sales-Folder displayName: Sales-Folder type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Sales-Folder,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: f1bea520cace4489805d26de3463262d name: Salesforce Access displayName: Salesforce Access type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce Access,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 98a76b26b7884f3e8d115991cebc09b2 name: Salesforce opportunity management displayName: Salesforce opportunity management type: ENTITLEMENT enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory disabled: false privileged: false attribute: memberOf value: CN=Salesforce opportunity management,OU=Sales,OU=AI,OU=Demo,DC=seri,DC=sailpointdemo,DC=com standalone: false cloudEligible: false cloudGoverned: false schema: group - id: 7e277d102c874560becc464cdfe33a86 name: Benefits Employees displayName: Benefits Employees type: ACCESS_PROFILE description: Access for Benefits Employees. Distribution group and File share access. enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess displayName: SalesCommonAccess type: ACCESS_PROFILE description: Grants basic access for everyone in the sale department enabled: false requestable: false requestCommentsRequired: false source: id: 5c71ff71195b4794a0b87e7cf36fb017 name: Active Directory owner: id: 278f8a1859df48d2a0adb204257b26a2 name: Jerry.Bennett displayName: Jerry.Bennett disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: ad7025c956734455b28fa35e315e77fe name: Benefits Common Access displayName: Benefits Common Access type: ROLE description: Testing AD provisioning with birthright access enabled: false requestable: false requestCommentsRequired: false owner: id: 322c6bce405a495a8e841a014b7d8410 name: tina.smith displayName: tina.smith disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false - id: a8819cb0445541438fe08dd38f311b3c name: SalesGlobal displayName: SalesGlobal type: ROLE description: All Sales people in the company enabled: false requestable: false requestCommentsRequired: false owner: id: 29b6ee3f91484d159b1ceac3109af151 name: se.admin displayName: se.admin disabled: false privileged: false standalone: false revocable: false cloudEligible: false cloudGoverned: false accessCount: 8 accessProfileCount: 2 entitlementCount: 4 roleCount: 2 modified: '2025-01-17T03:17:17.895Z' visibleSegments: - All Employees visibleSegmentCount: 1 tagCount: 2 tags: - TAG_1 - TAG_2 role: summary: Role value: id: 2c91808c6faadea6016fb4f2bc69077b accessProfileCount: 1 accessProfiles: - id: 468171f0af874adebb58d3718519bd56 name: SalesCommonAccess created: '2023-06-01T22:00:55.311Z' description: All Sales people in the company dimensional: false enabled: true modified: '2023-06-01T22:00:55.432Z' name: SalesGlobal owner: email: admin@sailpointdemo.com id: c18630c4811c4030810afb3a14f388cf name: admin type: IDENTITY requestCommentsRequired: false requestable: true tags: - TAG_1 - TAG_2 identities-details-report-results: summary: Identities details report result. value: reportType: IDENTITIES_DETAILS taskDefName: Identities Details Report id: 1e01d272b8084c4fa12fcf8fa898102d created: '2023-09-07T42:14:05.122Z' status: SUCCESS duration: 3681 rows: 193 availableFormats: - CSV account-export-report-details: summary: Account export report value: reportType: ACCOUNTS arguments: application: 2c9180897eSourceIde781782f705b9 sourceName: Active Directory identities-details-report-details: summary: Identities details report value: reportType: IDENTITIES_DETAILS arguments: correlatedOnly: true identities-report-details: summary: Identities report value: reportType: IDENTITIES arguments: correlatedOnly: true identity-profile-identity-error-report-details: summary: Identity profile identity error report value: reportType: IDENTITY_PROFILE_IDENTITY_ERROR arguments: authoritativeSource: 2c9180847de347aa017de8ef09167792 orphan-identities-report-details: summary: Orphan identities report value: reportType: ORPHAN_IDENTITIES arguments: selectedFormats: - CSV - PDF search-export-report-details: summary: Search export report value: reportType: SEARCH_EXPORT arguments: indices: - identities query: attributes.city:London columns: displayName,firstName,lastName,email,attributes.city,created,attributes.cloudLifecycleState,access.spread sort: - +displayName uncorrelated-accounts-report-details: summary: Uncorrelated accounts report value: reportType: UNCORRELATED_ACCOUNTS arguments: selectedFormats: - CSV - PDF identities-details-report-task-result: summary: Identities details report task result. value: reportType: IDENTITIES_DETAILS taskDefName: Identities Details Report type: QUARTZ id: a248c16fe22222b2bd49615481311111 created: '2023-09-07T42:14:00.364Z' description: A detailed view of the identities in the system. parentName: Audit Report launcher: '9832285' launched: '2023-09-07T42:14:00.521Z' completed: '2023-09-07T42:14:01.137Z' messages: [] returns: [] attributes: org: an-org progress: Initializing... search-export-report-task-result: summary: Identities details report task result. value: reportType: SEARCH_EXPORT taskDefName: Search Export type: QUARTZ id: a248c16fe22222b2bd49615481311111 created: '2023-09-07T42:14:11.137Z' description: Extract query data from ElasticSearch to CSV parentName: null launcher: T05293 launched: '2020-09-07T42:14:11.137Z' completed: '2020-09-07T42:14:13.451Z' messages: [] returns: [] attributes: queryHash: 5e12cf79c67d92e23d4d8cb3e974f87d164e86d4a48d32ecf89645cacfd3f2 org: an-org queryParams: columns: displayName,firstName,lastName,email,created,attributes.cloudLifecycleState,tags,access.spread,apps.pread,accounts.spread indices: identities ownerId: 95ecba5c5444439c999aec638ce2a777 query: 700007 sort: displayName progress: Initializing... evaluateEmpty: summary: Evaluate response when no reassignment configuration is found value: reassignToId: 2c9180825a6c1adc015a71c9023f0818 lookupTrail: [] evaluateLong: summary: Evaluate response when a long reassignment trail is found value: reassignToId: 2c9180825a6c1adc015a71c9023f0818 lookupTrail: - reassignedToId: 2c918084575812550157589064f33b89 reassignedFromId: 2c9180825a6c1adc015a71c9023f0818 reassignmentType: AUTOMATIC_REASSIGNMENT - reassignedToId: 073204941f3f49c0b3a3c49d1c17ef0e reassignedFromId: 2c918084575812550157589064f33b89 reassignmentType: AUTOMATIC_REASSIGNMENT - reassignedToId: 31d9c631f5574571a935aaa48a6255df reassignedFromId: 073204941f3f49c0b3a3c49d1c17ef0e reassignmentType: AUTOMATIC_REASSIGNMENT - reassignedToId: 279de502e5dc43f4854e1b96f57c578f reassignedFromId: 31d9c631f5574571a935aaa48a6255df reassignmentType: AUTOMATIC_REASSIGNMENT evaluateSelfReview: summary: Evaluate response when a self-review is found and manager or org admin escalation is applied value: reassignToId: 2c9180825a6c1adc015a71c9023f0818 lookupTrail: - reassignedToId: 2c918084575812550157589064f33b89 reassignedFromId: 2c9180825a6c1adc015a71c9023f0818 reassignmentType: AUTOMATIC_REASSIGNMENT - reassignedToId: 073204941f3f49c0b3a3c49d1c17ef0e reassignedFromId: 2c918084575812550157589064f33b89 reassignmentType: AUTOMATIC_REASSIGNMENT - reassignedToId: 31d9c631f5574571a935aaa48a6255df reassignedFromId: 073204941f3f49c0b3a3c49d1c17ef0e reassignmentType: SELF_REVIEW_DELEGATION - reassignedToId: 279de502e5dc43f4854e1b96f57c578f reassignedFromId: 31d9c631f5574571a935aaa48a6255df reassignmentType: AUTOMATIC_REASSIGNMENT SlimDiscoveredApplications: description: List of discovered applications value: - id: 09d88a67-bae8-422c-a09b-f7a72f5ab032 name: Example App discoverySource: csv discoveredVendor: Example Vendor description: An application for managing examples. recommendedConnectors: - ConnectorA - ConnectorB discoveredAt: '2023-07-01T12:00:00Z' createdAt: '2024-06-01T12:00:00Z' status: ACTIVE - id: 59310a1e-0d8f-42fa-95aa-b82b263de7f6 name: Sample Tracker discoverySource: Okta SaaS discoveredVendor: Sample Vendor description: A tool for monitoring and managing samples. recommendedConnectors: - ConnectorC - ConnectorD discoveredAt: '2023-08-15T08:00:00Z' createdAt: '2024-05-20T08:00:00Z' status: ACTIVE - id: dfe675cb-f689-475f-99f1-49e348449867 name: Demo Manager discoverySource: Okta SaaS discoveredVendor: Demo Provider description: Software to demonstrate basic functionalities. recommendedConnectors: - ConnectorE - ConnectorF discoveredAt: '2023-09-10T15:00:00Z' createdAt: '2024-07-03T15:00:00Z' status: ACTIVE FullDiscoveredApplications: description: List of discovered applications with their respective associated sources value: - id: 6f672248-2dac-4cf5-9531-fca0719cbb4a name: Example App discoverySource: csv discoveredVendor: Example Vendor description: An application for managing examples. recommendedConnectors: - ConnectorA - ConnectorB discoveredAt: '2023-07-01T12:00:00Z' createdAt: '2024-06-01T12:00:00Z' status: ACTIVE associatedSources: - e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 - id: b3a3a704-6a45-45ee-a501-bbc332388222 name: Sample Tracker discoverySource: Okta SaaS discoveredVendor: Sample Vendor description: A tool for monitoring and managing samples. recommendedConnectors: - ConnectorC - ConnectorD discoveredAt: '2023-08-15T08:00:00Z' createdAt: '2024-05-20T08:00:00Z' status: ACTIVE associatedSources: - a3b159f2-5f09-43c9-b40e-a6f317aa5b8f - e0cc5d7d-bf7f-4f81-b2af-8885b09d9923 - id: 1d070458-faed-4a6c-8990-918ad70a06ee name: Demo Manager discoverySource: Okta SaaS discoveredVendor: Demo Provider description: Software to demonstrate basic functionalities. recommendedConnectors: - ConnectorE - ConnectorF discoveredAt: '2023-09-10T15:00:00Z' createdAt: '2024-07-03T15:00:00Z' status: ACTIVE associatedSources: - 4e2d7605-833f-4c34-8d03-5b2c7d2f4f66 - f9b7e2ce-aced-4117-a95f-4ffad8b33989 - a3b159f2-5f09-43c9-b40e-a6f317aa5b8f - id: 9be7c5a5-9f37-46ba-965a-e5b9453472c6 name: Task Organizer discoverySource: Manual Entry discoveredVendor: Organizer Solutions description: An application designed to help teams manage tasks and projects efficiently. recommendedConnectors: - ConnectorG - ConnectorH discoveredAt: '2023-10-05T14:00:00Z' createdAt: '2024-08-01T14:00:00Z' status: ACTIVE associatedSources: []